JP2016218770A - Electronic file transfer system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a system or the like, configured to quickly transmit the contents of an electronic file to an intended party, while maintaining confidentiality of the file.SOLUTION: On receipt of an authentication data notification request including a file ID, an authentication data request reception data storage control unit 24 of a server device 4 stores authentication data request reception data, which indicates that the authentication data notification request has been received, in association with the file ID and second specifying data which specifies a receiving terminal device 6, on a database. An authentication data request notification control unit 23 of a transmitting terminal device 5 searches the database 12 of the server device 4, and displays information that the authentication data notification request has been received from the receiving terminal device 6 specified by the second specifying data corresponding to the authentication data request reception data, on a display device of the transmitting terminal device 5 when there is authentication data request reception data associated with the file ID of the electronic file to be controlled by the transmitting terminal device 5 on authentication data transmission.SELECTED DRAWING: Figure 2

Description

The present invention relates to transmission / reception of electronic files, and more particularly to a technique for delivering electronic files while maintaining confidentiality of the electronic files.

  Techniques for maintaining the confidentiality of electronic files using methods such as encryption and password lock are known.

  For example, an encrypted electronic file (hereinafter sometimes referred to as an “encrypted file”) is attached to an e-mail and sent to the other e-mail address, and the decryption password is changed to the same e-mail address. Sending by e-mail. According to this method, the electronic file can be delivered while maintaining confidentiality.

  However, since the encrypted file and password are sent via the same transfer path, if the third party monitors the transfer path, the encrypted file and password are obtained by the third party. There is a danger. Also, if e-mail transmission for sending a password is delayed or forgotten, there is a risk that the contents of the electronic file will not be transmitted to the other party in a timely manner.

  In order to avoid such danger, the first e-mail address of the other party and the second e-mail address of the same other party having a different domain name are stored in association with each other, and the encrypted file is stored in the first file. There has been proposed an e-mail processing apparatus configured to transmit a password to a first e-mail address and automatically transmit a password to a second e-mail address (see paragraph [0006] of FIG. 7, FIG. 7). Etc.). By using this apparatus, it is possible to reduce the possibility of leakage of confidential information of electronic files on the transfer path, and it is possible to prevent delays and forgotten passwords.

However, even if such a device is used, confidential information leaks to an unintended partner if the sender incorrectly sends the partner, regardless of whether the encrypted file and password are sent to the same person. There is a danger. Moreover, when an encrypted file is sent to the other party, the password is automatically sent to the other party, so even if the sender notices that the other party sent the encrypted file by mistake, there is no way to stop sending the password. .

JP 2014-225129 A

An object of the present invention is to solve such a conventional problem, and to provide a system or the like that can quickly convey the contents to an intended party while maintaining the confidentiality of an electronic file.

  An electronic file transfer system according to the present invention includes a server device provided with a database, and a first terminal device and a second terminal device capable of communicating information with the server device via information communication means. In the electronic file transfer system, the server device includes a server-side control unit that performs control processing in the server device, the first terminal device includes a first control unit that performs control processing in the first terminal device, and a second The terminal device includes a second control unit that performs control processing in the second terminal device, and the server-side control unit is an authentication data notification request for requesting notification of authentication data related to an electronic file from the second terminal device. Authentication data request received data indicating that an authentication data notification request has been received upon receipt of an authentication data notification request including a file ID that is a file identification mark An authentication data request received data storage control unit that stores in a database in association with the second identification data that is data for identifying the file ID and the second terminal device. If there is authentication data request received data associated with the file ID of the electronic file for which the first terminal device has a right / no permission to send authentication data by searching the database, on the first terminal device based on the database, By notifying that the authentication data notification request has been received from the second terminal device specified by the second specific data corresponding to the authentication data request received data, the first terminal device transmits authentication data to the second terminal device. An authentication data request notification control unit configured to support determination of acceptance or rejection is provided.

The features of the present invention can be broadly shown as described above, but the configuration and contents thereof, together with the objects and features, will be further clarified by the following disclosure in view of the drawings.

  An electronic file transfer system according to a first invention of the present application includes a first terminal device and a second terminal device capable of communicating information between a server device provided with a database and a server device via information communication means, The server device includes a server-side control unit that performs control processing in the server device, and the first terminal device includes a first control unit that performs control processing in the first terminal device. The second terminal device includes a second control unit that performs control processing in the second terminal device, and the server-side control unit is an authentication data notification request for requesting notification of authentication data regarding the electronic file from the second terminal device. When an authentication data notification request including a file ID that is an electronic file identification mark is received, an authentication data request indicating that the authentication data notification request has been received has been received. An authentication data request received data storage control unit that stores the data in a database in association with the file ID and the second identification data that is data for identifying the second terminal device. When the database of the server device is searched and there is authentication data request received data associated with the file ID of the electronic file for which the first terminal device is authorized to transmit / receive authentication data, the first terminal is based on the database. The device notifies the second terminal device by the first terminal device by notifying that the authentication data notification request has been received from the second terminal device specified by the second specific data corresponding to the authentication data request received data. An authentication data request notification control unit configured to support determination of whether or not to permit data transmission is provided.

  As described above, in this system, when there is an authentication data notification request regarding an electronic file from the second terminal device, the first terminal device having the authority to authorize transmission of authentication data regarding the electronic file, the authentication data from the second terminal device. It is notified that the notification request has been received. On the first terminal device side, it is possible to determine whether or not to permit authentication data transmission after confirming the other party who has requested authentication data notification by this notification.

  Therefore, even if the transmission destination of the electronic file is wrong, there is a high possibility that an error will be noticed before the authentication data is transmitted by the notification. For this reason, the risk of confidential information leaking to an unintended partner can be reduced.

  Further, as long as this system is operating in the first terminal device, the notification is automatically performed, so that it is possible to prevent delay and forgetfulness of sending authentication data. As a result, the other party can quickly know the contents of the electronic file.

  In other words, it is possible to realize a system capable of quickly transmitting the contents of the electronic file to an intended partner while maintaining the confidentiality of the electronic file.

  The electronic file transfer system according to the second invention of the present application is the electronic file transfer system according to the first invention of the present application, wherein the authentication data request notification control unit receives the authentication data notification request from the second terminal device at the first terminal device. When informing that, the display device of the first terminal device is displayed using a pop-up window.

  Therefore, by configuring the notification in the pop-up window, the first terminal device receives the authentication data notification request from the second terminal device even while the processing different from the present system is being executed. You can know quickly and reliably.

  An electronic file transfer system according to a third invention of the present application is the electronic file transfer system according to any one of the first or second inventions of the present application, wherein the system includes a terminal device on the transmission side as a first terminal device, and one or more terminal devices. And the first control unit of the transmission-side terminal device is a unique ID that is an individual identification mark of hardware or software used in the transmission-side terminal device. , And one of the hardware or software unique IDs used in the one or more receiving side terminal devices is designated when an electronic file disabling instruction with the designation of two or more unique IDs is input. An electronic file using a disabling key configured to make the electronic file available only with an enabling key generated based on one of the unique IDs And the disabling processing unit configured to store the file ID of the electronic file in the database via the server device, and the second control unit of the receiving terminal device includes: When an instruction for enabling an electronic file that has been made unavailable is input, a unique ID can be obtained from the hardware or software used in the terminal device on the receiving side, and generated based on the obtained unique ID An enabling processing unit that enables an electronic file that has been disabled using an enabling key, and the disabling processing unit includes a designation of a password as authentication data when the disabling instruction includes: In addition, a password lock processing unit that password-locks the electronic file using a specified password is provided, and the enabling processing unit is disabled. If the electronic file acquired together with the file ID of the electronic file, which is a child file, is password-locked, the password notified based on the password notification request as the authentication data notification request to the server device is acquired, A password lock release processing unit that releases the password lock using the acquired password is provided.

  Thus, in the electronic file transfer system according to the third invention of the present application, the disabled electronic file can be used only with the enabling key generated based on any one of the arbitrarily specified unique IDs. It is configured as follows. The enabling key is obtained from the hardware or software used in the terminal device when the enabling command is input to the receiving terminal device that has received the disabled electronic file. It is generated for the first time based on the unique ID, and is configured so that it cannot be generated based on other methods, for example, based on the disabling key. It is impossible for the enabling key to be stolen.

  For this reason, the electronic file cannot be made available to a terminal device other than the receiving-side terminal device using the hardware or software having the specified unique ID.

  Therefore, an electronic file that has been disabled can be erroneously transmitted to another terminal device on the receiving side, or the electronic file that has been disabled can be moved (for example, depending on the method of attaching an email or transferring a file) The electronic file is not made available even if it is stolen during transmission / reception or transfer by a method of mailing or carrying what is stored in the recording medium.

  For this reason, even when an electronic file that has been disabled, such as an encrypted file, is acquired by an unintended partner due to a human error such as misdelivery or theft, the confidentiality of the electronic file can be maintained.

  In addition, passwords can be locked to electronic files that have been disabled using an arbitrary password. For example, even if an electronic file that has been disabled is stolen on the way of delivery, there is a risk that confidential information will be leaked. It can be further reduced.

  In addition, for example, when the electronic file is disabled by specifying two or more unique IDs used in two or more receiving side terminal devices by password-locking, reception corresponding to these unique IDs is performed. Any terminal device can use the electronic file, but the electronic file can be used only by the receiving terminal device having a specific unique ID among these terminal devices. This is useful when you want to allow the availability.

  For this reason, it is possible to quickly convey the contents to the intended party while maintaining the confidentiality of the electronic file.

  An electronic file transfer system according to a fourth invention of the present application is the electronic file transfer system according to any one of the first or second inventions of the present application, wherein the system includes a terminal device on the transmission side as a first terminal device, and an electronic mail. An external terminal device as a second terminal device identified by the address, and the first control unit of the transmission-side terminal device designates the external terminal device by the external terminal mail address which is the electronic mail address of the external terminal device When an instruction to disable the use of an electronic file with an input is input, the electronic file is made unavailable so that it can be used only by the temporary use enabling software provided from the server device. A disabling processor configured to store the file ID in the database via the server device; The second control unit of the department terminal device notifies the server device of authentication data when an instruction for enabling the use of the electronic file that has been disabled and the electronic file acquired together with the file ID of the electronic file is input. Using the temporarily usable enabling software that has been used based on the usage ID as authentication data for using the temporarily usable enabling software notified based on the request for using ID notification as the request And an enabling processing unit configured to enable the use of the disabled electronic file.

  Thus, in order to make an electronic file that has been made unavailable in an external terminal device, it is necessary to obtain temporarily usable enabling software from the server device. In addition, the usage ID for using the temporarily usable enabling software cannot be obtained without the permission of the terminal device on the transmission side.

  Therefore, the contents of the electronic file are promptly intended while maintaining the confidentiality of the electronic file even for an external terminal device that does not have a function such as the enabling processing unit of the receiving terminal device in the third invention of the present application. It becomes possible to tell the other party.

  The electronic file transfer system according to the fifth invention of the present application is the electronic file transfer system according to the fourth invention of the present application, wherein the disabling processing unit further includes a case where the disable command includes designation of a password as authentication data, A password lock processing unit for password-locking the electronic file using a specified password, and the enabling processing unit is an electronic file that has been disabled and acquired together with the file ID of the electronic file; When the password is locked, a password unlock processing unit that acquires the password notified based on the password notification request as the authentication data notification request to the server device and releases the password lock using the acquired password , Provided.

  In this way, in addition to the use ID for using the temporarily available enabling software, the electronic file itself is further password-locked using an arbitrary password, so that, for example, an electronic file that has been disabled can be obtained. Even if it is stolen on the way of delivery, the risk of leakage of confidential information can be further reduced.

  For this reason, it is possible to quickly convey the contents to the intended party while maintaining the confidentiality of the electronic file.

  A server device according to a sixth invention of the present application is a server device used in the electronic file transfer system according to any one of the first to fifth inventions of the present application.

  Therefore, by using this server device for the electronic file transfer system, the same effects as in any of the first to fifth inventions can be obtained.

  A first terminal device according to a seventh invention of the present application is a first terminal device used in the electronic file transfer system according to any one of the first to fifth inventions of the present application.

  Therefore, by using the first terminal device for the electronic file transfer system, the same effects as those of any of the first to fifth inventions can be obtained.

  A second terminal device according to an eighth invention of the present application is a second terminal device used in the electronic file transfer system according to any one of the first to fifth inventions of the present application.

  Therefore, by using the second terminal device in the electronic file transfer system, the same effects as in any of the first to fifth inventions can be obtained.

  The program according to the ninth invention of the present application is a computer that controls the server side control unit of the server device according to the sixth invention of the present application, the first control unit of the first terminal device according to the seventh invention, or the second control unit of the second terminal device according to the eighth invention. 2 is a program for functioning as a control unit.

  Therefore, by causing the computer to execute the program, the same effects as those of the sixth invention, the seventh invention, or the eighth invention are achieved.

  A recording medium according to the tenth invention of the present application is a recording medium storing a program according to the ninth invention of the present application.

  Therefore, by causing a computer to execute the program stored in this recording medium, the same effects as those of the ninth invention can be obtained.

  The electronic file transfer method according to the eleventh invention of the present application is a first terminal device and a second terminal device capable of communicating information between a server device provided with a database and a server device via an information communication means. An electronic file transfer method performed using a server side control step in which the server device performs control processing in the server device, and the first terminal device in the first terminal device. A first control step for performing a control process; and a second control step for the second terminal apparatus to perform a control process in the second terminal apparatus. The server-side control step receives an authentication related to an electronic file from the second terminal apparatus. When an authentication data notification request for requesting data notification is received and an authentication data notification request including a file ID, which is an identification mark of an electronic file, is received, Authentication data request received data indicating that the authentication data request received data indicating that the data notification request has been received is stored in the database in association with the file ID and the second specifying data that specifies the second terminal device. A storage control step, wherein the first control step searches the database of the server device, and the authentication data request received data associated with the file ID of the electronic file for which the first terminal device is authorized to transmit and receive authentication data. If present, the first terminal device notifies the fact that the authentication data notification request has been received from the second terminal device specified by the second specific data corresponding to the authentication data request received data, based on the database. The first terminal device is configured to support the determination as to whether or not to permit authentication data transmission to the second terminal device. And, the authentication data request notification control step, further comprising the features a.

  Therefore, by using the method using an electronic file transfer system including a server device, a first terminal device, and a second terminal device, the same effects as those of the first invention can be obtained.

  In each of the above inventions, unless otherwise specified, “information communication means” refers to communication for transmitting information such as characters, sounds, images, video, control signals converted into electric signals, optical signals, and the like. It is a means, regardless of whether it is wired or wireless. As information communication means, a computer network such as WAN (Wide Area Network) and LAN (Local Area Network) represented by the Internet, a communication line such as a telephone line (including a mobile phone line), a dedicated line, a communication cable and an infrared ray For example, direct connection by a combination of the above, or a combination of these is exemplified.

  The “terminal device” refers to a computer or a device having a function equivalent to this. Examples of the terminal device include personal computers, tablet computers, portable information terminals, and mobile phones represented by so-called smartphones.

  An “electronic file” refers to a text, image, video, audio, or the like converted into electronic data, and is sometimes called a single electronic file, a plurality of electronic files, or a collection of electronic files (a “folder”). ), A concept including a collection of a plurality of electronic files (a plurality of “folders”).

  “Authentication data” is data that is input to a terminal device to obtain authentication when using a specific function in the terminal device, and includes any data that can be recognized by the terminal device. For example, letters (including symbols and numbers), figures (including bar codes and QR codes (registered trademark)), voices, or a combination thereof are exemplified.

  The “authentication data related to the electronic file” includes, for example, a password required for unlocking a password-locked electronic file (a plain text electronic file or a disabled electronic file) and an enabling process. The usage ID required when obtaining the usage authority of the hardware or software for executing the above is included.

  Examples of the “electronic file for which the first terminal device has permission to transmit authentication data” include, for example, an electronic file subjected to password lock processing in the first terminal device, as well as a server device in the first terminal device. Includes electronic files that have been disabled so that they can only be made available by the temporarily available enabling software provided.

  The “second specifying data” refers to data for specifying the second terminal device. The second terminal device operator / affiliation department e-mail address, the operator / affiliation department name / name, and the second terminal device Such a unique ID is exemplified.

  “In the first terminal device, ... notify” means using the first terminal device and / or a device connected to the first terminal device by wire or wirelessly, through the human senses, It means transmitting information to people. Examples of the transmitted information include characters (including symbols and numbers), visual information such as graphics, auditory information such as voice, or a combination thereof.

  “Unusable” is a concept that includes “completely unusable” that makes an electronic file unplayable and “incompletely unusable” that makes some operations on an electronic file unusable. “Completely unusable” includes, for example, processing of making electronic files unplayable by encryption and data compression, and “incompletely unusable” includes, for example, copying prohibition (restriction) processing of electronic files, Print prohibition (restriction) processing and storage prohibition processing are included.

  “Disabling key” refers to electronic data used to disable an electronic file, and includes, for example, an encryption key.

  “Enabling” means returning a disabled electronic file to a usable state, returning a completely disabled electronic file to a playable state, or “incompletely unavailable” For example, a process of canceling (releasing) the operation prohibition (restriction) on the electronic file that has been changed to “reset”.

  “Enabling key” refers to electronic data used to make an electronic file available, and includes, for example, a decryption key.

  “Hardware used in a terminal device” refers to the terminal device itself and a device connected to the terminal device by wire or wirelessly. Typically, the device is connected to the terminal device. On the condition that the approval or disapproval of a specific operation in the terminal device is determined. A typical example of this is a USB memory.

  The “software used in the terminal device” is software executed in the terminal device and includes an application program and an operating system, and typically includes encryption / decryption software and decryption that constitute the system. Dedicated software.

The “unique ID” refers to an individual identification mark of the hardware or software, and is exemplified by a serial number, a manufacturing number, or a numerical value / character string corresponding to the serial number and the serial number.

FIG. 1 is a block diagram showing the overall configuration of an electronic file transfer system 2 according to an embodiment of the present invention. FIG. 2 is a block diagram illustrating the configuration of the server device 4, the transmission-side terminal device 5, and the reception-side terminal device 6 that are main components of the electronic file transfer system 2. FIG. 3 is a block diagram showing an example of the hardware configuration of the server device 4 and the transmission-side terminal device 5 shown in FIG. 2, and each of the server device 4 and the transmission-side terminal device 5 is for one computer. This is an example of the case. FIG. 4 is a flowchart illustrating an example of a process flow in the electronic file transfer system 2. FIG. 5 is a detailed flowchart of the encryption process. FIG. 6 is a detailed flowchart of the decoding process. FIG. 7 is a diagram for explaining the concept of groups in the electronic file transfer system 2. FIG. 8 is a diagram illustrating an example of a display screen displayed on the display device 62 of the terminal device 5 in the encryption process in the electronic file transfer system 2. 9A, FIG. 9B, FIG. 9C, and FIG. 9D are diagrams illustrating an example of a data configuration of each table that configures the database 12 provided in the server device 4. 10A and 10B are diagrams illustrating an example of the data configuration of another table that configures the database 12 provided in the server device 4. FIG. 11 is a diagram illustrating an example of a pop-up window displayed on the display device 62 of the terminal device 5 constituting the electronic file transfer system 2. FIG. 12 is a drawing showing an example of the flow of usage ID notification processing in the electronic file transfer system 2. FIG. 13 is a drawing showing an example of the flow of password notification processing in the electronic file transfer system 2.

  FIG. 1 is a block diagram showing the overall configuration of an electronic file transfer system 2 according to an embodiment of the present invention.

  In the following example, a case will be described as an example where the electronic file disabling process is realized as an electronic file encryption process. In this case, the encryption in the encryption process corresponds to the disabling in the disabling process, the encryption key corresponds to the disabling key, the decryption to enable, and the decryption key to the enabling key.

  The electronic file transfer system 2 includes a server device 4, a transmission-side terminal device 5 as a first terminal device, and reception-side terminal devices 6, 6,... As one or more second terminal devices. The external terminal device 7 as the second terminal device and the management terminal device 9 are provided, and the server device 4 and each of the terminal devices 5, 6, 7, 9 are connected via the information communication means 8. Communication of information is possible. Hereinafter, “the receiving terminal device 6 or the external terminal device 7” may be referred to as “second terminal devices 6 and 7”.

  FIG. 2 is a block diagram illustrating the configuration of the server device 4, the transmission-side terminal device 5, and the reception-side terminal device 6 that are main components of the electronic file transfer system 2.

  As illustrated in FIG. 2, the server device 4 includes a server-side control unit 10 that performs control processing in the server device 4 and a database 12.

  The server-side control unit 10 includes an authentication data request received data storage control unit 24.

  The authentication data request received data storage control unit 24 includes a file ID that is an authentication data notification request for requesting notification of authentication data related to the electronic file from the second terminal devices 6 and 7 and is an identification mark of the electronic file. When the authentication data notification request is received, the authentication data request received data indicating that the authentication data notification request has been received is associated with the file ID and the second specifying data that is data specifying the second terminal devices 6 and 7. And stored in the database 12.

  In addition, when the usage ID notification request link data is operated in step S41 described later, the server-side control unit 10 acquires a file ID associated with the link data and also operates the external terminal device 7 that has operated the link data. If the input e-mail address matches the external terminal e-mail address stored in association with the file ID stored in the database 12, the terminal device on the transmission side On the condition of prior approval or subsequent approval by 5, it is configured to transmit the available enabling software to the external terminal device 7.

  Note that “transmitting available software that can be temporarily used to the external terminal device 7” means transmitting the software that can be used in the external terminal device 7. For example, it includes the case of sending the software that can be used only once (or several times) without conditions, and the usage ID that can be used only once (or several times), not the software itself In addition, a case where the software and the usage ID are transmitted at the same time or separately is also included.

  The database 12 stores authentication data request received data in association with the file ID and the second specific data.

  The database 12 also stores the unique ID associated with the terminal device 5 on the transmission side and the unique ID associated with the terminal device 6 on the reception side, classified into one or more groups. The database 12 also stores a plurality of different groups in association with one unique ID.

  The terminal device 5 on the transmission side includes a first control unit 25 that performs control processing in the terminal device 5 on the transmission side, and a local database 22. The first control unit 25 includes an encryption processing unit 20 that is a disabling processing unit and an authentication data request notification control unit 23.

  The encryption processing unit 20 includes a unique ID that is an individual identification mark of hardware or software used in the terminal device 5 on the transmission side, and hardware or software used in one or more terminal devices 6 on the reception side. As an enabling key generated based on one of the specified unique IDs when an encryption command (unusable command) of an electronic file accompanied by specification of two or more unique IDs is input among the unique IDs The electronic file is encrypted (unusable) using an encryption key as a disabling key configured so that the electronic file can be decrypted (usable) only with the decryption key. The ID is associated with the unique ID as the first specifying data that is data for specifying the terminal device 5 on the transmission side, and the It is configured to store the scan 12. An encrypted file is called an encrypted file.

  The “first specific data” refers to data for identifying the first terminal device. The e-mail address of the operator / department of the first terminal device, the name / name of the operator / department, the first terminal A unique ID associated with the device is exemplified.

  The encryption processing unit 20 further includes designation of a specific group to which the unique ID related to the terminal device 5 on the transmission side belongs among the groups having one or more unique IDs stored in the database 12 as constituent elements. When an electronic file encryption command is input, an encryption key configured so that the electronic file can be decrypted only with a decryption key generated based on any unique ID constituting the specified group is used. Configured to encrypt electronic files.

  The encryption processing unit 20 further receives an electronic file encryption command accompanied by designation of one or more specific groups to which the unique ID related to the terminal device 5 on the transmission side belongs among the groups stored in the database 12. When input, the electronic file is encrypted using an encryption key configured so that the electronic file can be decrypted only with a decryption key generated based on one of the unique IDs constituting all the specified groups. Is configured to

  The encryption processing unit 20 is further provided from the server device 4 when an instruction to disable the use of the electronic file accompanied by the designation of the external terminal device 7 by the external terminal mail address that is the electronic mail address of the external terminal device 7 is input. The electronic file is made unavailable so that it can be used only by the temporarily available enabling software, and the file ID of the electronic file is data that identifies the terminal device 5 on the transmission side. The data is stored in the database 12 via the server device 4 in association with the unique ID as the specific data and the external terminal mail address as the second specific data.

  The encryption processing unit 20 further includes a password lock processing unit 21.

  The password lock processing unit 21 password-locks the electronic file using the designated password when the encryption command includes designation of the password.

  The authentication data request notification control unit 23 searches the database 12 of the server device 4 and searches the database 12 for an authentication data request associated with the file ID of the electronic file for which the terminal device 5 on the transmission side has authorization authority to transmit authentication data. If the received data exists, the authentication data is requested from the second terminal devices 6 and 7 specified by the second specific data corresponding to the authentication data request received data in the terminal device 5 on the transmission side based on the database 12. By notifying that the notification request has been received, the terminal device 5 on the transmission side is configured to support the determination as to whether or not to permit authentication data transmission to the second terminal devices 6 and 7.

  Hereinafter, a case where the notification that the authentication data notification request has been received is performed by displaying visual information such as characters on the display device 62 of the transmission-side terminal device 5 will be described as an example.

  When the authentication data request notification control unit 23 displays on the display device 62 of the terminal device 5 on the transmission side that the authentication data notification request has been received from the second terminal devices 6 and 7, the display is displayed in a pop-up window 80. It is comprised so that it may be performed using.

  The local database 22 is appropriately synchronized so as to have the same content as the database 12 of the server device 4. Therefore, the terminal device 5 is generally configured to reduce the communication load by accessing the local database 22 instead of accessing the database 12.

  The receiving-side terminal device 6 includes a second control unit 35 that performs control processing in the receiving-side terminal device 6 and a local database 32. The second control unit 35 includes a decryption processing unit 30 that is an enabling processing unit.

  The local database 32 has the same configuration as the local database 22.

  When the decryption command of the encrypted file is input, the decryption processing unit 30 acquires a unique ID from the hardware or software used in the terminal device 6 on the receiving side, and based on the acquired unique ID The encrypted file is decrypted using the generated decryption key.

  The decryption processing unit 30 further includes a password lock release processing unit 31.

  The password lock release processing unit 31 acquires the password notified based on the password notification request to the server device 4 when the encrypted file acquired together with the file ID by the receiving terminal device 6 is password-locked. Release the password lock using the acquired password.

  The external terminal device 7 shown in FIG. 1 is specified by an e-mail address during the encryption process. The external terminal device 7 includes a decryption processing unit (not shown).

  This decryption processing unit can be used temporarily when the decryption command for the encrypted file acquired by the external terminal device 7 together with the file ID is inputted, notified based on the use ID notification request to the server device 4. Decrypt the encrypted file by using the temporarily usable enabling software (hereinafter, also referred to as “decryption-only software”) that can be used with the usage ID for using the enabling software. It is configured as follows.

  This decryption processing unit includes a password unlock processing unit (not shown) similar to the password unlock processing unit 31 in the decryption processing unit 30 of the terminal device 6 on the receiving side.

  The management terminal device 9 shown in FIG. 1 is used to perform grouping of unique IDs stored in the database 12 and other management operations of the system 2.

  In this embodiment, for the sake of convenience, the transmitting-side terminal device 5 and the receiving-side terminal device 6 are described as different terminal devices having different configurations, but in general, a single terminal is used. When the device has the functions of both the terminal device 5 on the transmission side and the terminal device 6 on the reception side shown in FIG. 2, and performs the encryption process of the electronic file, the usage ID notification process, and the password notification process, the transmission side The terminal device 5 is configured to function as a receiving-side terminal device 6 when performing decryption processing of the encrypted file.

  FIG. 3 is a block diagram showing an example of the hardware configuration of the server device 4 and the transmission-side terminal device 5 shown in FIG. 2, and each of the server device 4 and the transmission-side terminal device 5 is for one computer. This is an example of the case.

  Hereinafter, the terminal device 5 on the transmission side, the terminal device 6 on the reception side, the external terminal device 7, and the management terminal device 9 are simplified to be the terminal device 5, the terminal device 6, the terminal device 7, and the terminal device, respectively. It may be 9. In addition, the second terminal devices 6 and 7 may be simplified to be terminal devices 6 and 7.

  The server device 4 is not particularly limited, but has the same configuration as a general server computer in this example.

  The server device 4 is a recording medium that stores a program on the server device 4 side of the electronic file transfer system 2, and an auxiliary storage device 55 such as an HDD (hard disk drive) including a hard disk that is also a storage medium of the database 12, an auxiliary storage. A main storage device 54 loaded with a program stored in the device 55; a CPU 51 corresponding to the server-side control unit 10 that executes the program loaded in the main storage device 54; a display device 52 such as an LCD (liquid crystal display device); An input device 53 such as a keyboard, a mouse, and a track pad, and a communication interface 56 for communicating with the terminal devices 5, 6, 7, and 9 via the information communication means 8 are provided.

  The terminal device 5 is not particularly limited, but in this example, has the same configuration as a general personal computer.

  The terminal device 5 is a recording medium that stores a program on the terminal device 5 side of the electronic file transfer system 2, and an auxiliary storage device 65 such as an SSD (solid state drive) equipped with a flash memory that is also a storage medium of the local database 22. A main storage device 64 loaded with a program stored in the auxiliary storage device 65, a CPU 61 for executing the program loaded in the main storage device 64, a display device 62 such as an LCD (liquid crystal display device), input keys, a touch panel, etc. Input device 63 and a communication interface 66 for communicating with the server device 4 via the information communication means 8.

  The basic hardware configuration of the terminal devices 6, 7 and 9 is the same as that of the terminal device 5.

  FIGS. 4 to 6 and FIGS. 12 to 13 are flowcharts showing an example of the processing flow in the electronic file transfer system 2. FIG. 7 is a diagram for explaining the concept of groups in the electronic file transfer system 2.

  FIG. 8 is a diagram showing an example of a display screen (hereinafter simply referred to as “screen”) displayed on the display device 62 of the terminal device 5 in the encryption processing in the electronic file transfer system 2. FIG. 11 is a diagram illustrating an example of a pop-up window displayed on the display device 62 of the terminal device 5 constituting the electronic file transfer system 2.

  FIG. 9A, FIG. 9B, FIG. 9C, FIG. 9D, FIG. 10A, and FIG. 10B are diagrams showing an example of the data configuration of each table that constitutes the database 12 provided in the server device 4.

  As shown in FIGS. 9A, 9B, 9C, 9D, 10A, and 10B, the database 12 includes six tables.

  FIG. 9A is a diagram illustrating an example of a data configuration of the serial number table 70. FIG. 9B is a diagram illustrating an example of a data configuration of the group member table 71. FIG. 9C is a diagram illustrating an example of a data configuration of the user table 72. FIG. 9D is a diagram illustrating an example of a data configuration of the file ID table 73. FIG. 10A is a diagram illustrating an example of a data configuration of the allowable target table 74. FIG. 10B is a diagram illustrating an example of the data configuration of the authentication data request status table 75.

  The serial number table 70 is a table that stores information relating to serial numbers, and represents the relationship between serial numbers, owner IDs, and user IDs. There is a one-to-one correspondence between serial numbers and owner IDs.

  The group member table 71 is a table that stores the relationship between a group and its constituent members, and represents the relationship between a group ID and an owner ID (equivalent to a serial number).

  The user table 72 is a table that stores information about users, and represents the relationship between user IDs and their e-mail addresses.

  The file ID table 73 stores information related to the file ID, and includes a file ID, an owner ID, a password, a password notification mode, an OTUID notification mode (a notification mode for the use ID of the decryption dedicated software), and an external terminal mail address. , And the relationship.

  The permissible target table 74 is a table that stores information related to the permissible decryption target, and represents the relationship between the file ID, the permissible target type, and the permissible target ID. There are groups, unique IDs, and decryption-dedicated software as types of allowable objects. When the decryption permission target is the external terminal device 7, “decryption dedicated software” is stored as the “permission target type”.

  For example, when the type of the allowable target is a group, the group ID is stored as the allowable target ID. When the type of the permitted object is a unique ID, a serial number corresponding to the unique ID is stored as the permitted object ID. When the type of the permitted object is decryption-only software, the serial number of the decryption-only software is stored as the permitted object ID. One or more allowable target IDs can be stored for one file ID.

  The authentication data request status table 75 is a table that stores whether or not an authentication data notification request has been made from the second terminal devices 6 and 7, and includes the file ID, the second specific data, and the authentication data request received data. Showing the relationship. The “use ID request flag” in the authentication data request status table 75 corresponds to the authentication data request received data for “use ID”. The “password request flag” corresponds to the authentication data request received data for “password”.

  A processing procedure in the electronic file transfer system 2 will be described with reference to these drawings.

  FIG. 4 is a flowchart for explaining an outline of the procedure of the file transfer process in the electronic file transfer system 2.

  First, group setting is performed, and a plurality of unique IDs are grouped (step S1).

  In the group setting, first, unique IDs related to the terminal device 5 and the plurality of terminal devices 6 are stored in the database 12 of the server device 4.

  The storage method is not limited. For example, when installing software for executing the present system (hereinafter sometimes referred to as “encryption / decryption software”) on the terminal devices 5 and 6. For example, the serial number of the encryption / decryption software is transmitted to the server device 4 and stored in the serial number table 70 of the database 12 as the unique ID of the terminal devices 5 and 6 (see FIG. 9A). At this time, an owner ID having a one-to-one relationship with the serial number is assigned to each serial number.

  The hardware used in the terminal device other than the terminal devices 5 and 6, such as a USB memory, for example, is connected to the terminal device 5 or 6 at the time of introduction of the present system. The data is transmitted to the server device 4 and stored in the database 12 as a unique ID of the USB memory.

  The unique ID may be any individual identification mark of hardware or software used in the terminal devices 5 and 6, and is not limited to a serial number.

  A method for grouping a large number of unique IDs stored in the database 12 in this way is not particularly limited. For example, an administrator who operates the system 2 uses the management terminal device 9 to This can be done from an administrator website (not shown).

  FIG. 7 illustrates a grouped state.

  In this example, a large number of unique IDs P11, P12, P13,... Are grouped into a large number of groups.

  That is, each of the unique IDs P11, P12, P13,... Is an employee (member) who uses the terminal device 5 or 6 installed with encryption / decryption software having these unique IDs, Focusing on the department to which the employee (member) who uses the USB memory with a unique ID belongs, a plurality of (three in this example) main groups, group G1 (A company head office group), G2 (A company Tokyo branch) Group) and G3 (A company Osaka branch group).

  Each of the main groups, that is, the groups G1, G2, and G3, are subdivided into a plurality of subgroups (all three in this example). For example, the group G1, which is the main group, is divided into three subgroups, that is, a group G10 (general affairs group), a group G11 (planning group), and a group G12 (management group).

  For example, the group G11 is composed of six unique IDs P11, P12,. Although not shown, the subgroup can be further divided into a plurality of groups.

  In addition, a group that crosses multiple groups (multiple main groups and multiple subgroups), for example, a group corresponding to a project team composed of employees selected from multiple departments, is also set. be able to.

  In this example, a group G4 having three unique IDs, that is, a unique ID P11 belonging to the group G11, a unique ID P21 belonging to the group G22, and a unique ID P31 belonging to the group G30 is set.

  Therefore, for example, the unique ID P21 belongs to three groups, that is, groups G2, G22, and G4.

  In this way, group setting is performed. The group setting is changed as needed, and the data in the database 12 is updated along with the change.

  As shown in FIG. 4, the encryption process is executed on the assumption that the group setting (step S1) has been executed (step S2).

  FIG. 5 shows an example of a detailed flowchart in the encryption process.

  The encryption process is performed by transmitting the terminal device 5 on the transmission side installed with the encryption / decryption software having the unique ID belonging to any of the above groups (hereinafter, such expression is referred to as “unique ID belonging to any group”). The terminal device 5 ”may be abbreviated as“.

  As illustrated in FIG. 5, when a program (encryption / decryption software) according to the present system is operated in the terminal device 5, the CPU 61 of the terminal device 5 (hereinafter simply referred to as “terminal device 5”) may be used. ) Starts monitoring the input of a plain text file (electronic file before encryption) (step S20).

  The plain text file is input to the terminal device 5 by, for example, dragging and dropping the icon of the plain text file into the plain text input area of the input screen (not displayed) displayed on the display device 62 of the terminal device 5. Executed. This operation corresponds to an encryption command.

  When the plain text file is input, the terminal device 5 displays the protect condition setting screen 40 on the display device 62 and monitors the input of the protect condition (step S21).

  FIG. 8 illustrates the configuration of the protect condition setting screen 40. On the protection condition setting screen 40, a password setting area 41, a decryption permission target setting area 45, a decryptable frequency limit setting area 46, a decryptable period limit setting area 47, a confirmation button 48, and a cancel button 49 are displayed. ing.

  A password can be set by checking a check box in the password setting area 41 and inputting an arbitrary password. The password setting area 41 is provided with a password notification mode designation area 41a (not shown), and the password notification mode is designated in the area 41a.

  In this example, as a password notification mode, the server device 4 that has received a password notification request from the receiving terminal device 6 or the external terminal device 7 automatically transmits a password to these terminal devices 6 or 7. There are an automatic notification mode and an approval waiting mode for notifying the terminal device 5 on the transmission side that a password notification request has been issued from these terminal devices 6 or 7, and it is configured so that either password notification mode can be designated. ing.

  When the approval waiting mode is designated as the password notification mode, it is determined whether or not to transmit the password in the terminal device 5 on the transmission side that has received the notification that the password notification request has been received from the server device 4. The password is transmitted to the terminal device 6 or 7 directly or via the server device 4 only when it is determined to be transmitted.

  In this example, password setting is not indispensable, but it can be configured to require password setting.

  The decryption permission target setting area 45 includes a terminal device limited area 42, a unique ID setting area 43, a group setting area 44, and an external terminal apparatus setting area 50 (not shown). By specifying 43, 44, and 50, it is possible to set a target for which decoding is permitted. In this example, these areas 42, 43, 44, 50 are configured to be selected alternatively, but some or all of these areas 42, 43, 44, 50 can be selected simultaneously. You can also

  When the check box of the terminal device limited area 42 is checked, decoding is allowed only in the terminal 5 and cannot be decoded in the other terminal devices 6 and 7.

  The unique ID setting area 43 is an area for setting one or more specific unique IDs as a target for which decoding is permitted. By checking the check box in this area and inputting a unique ID that allows decryption, the terminal device 5 on the transmission side, the terminal devices 6 and 7 connected to the USB memory having the unique ID, or the relevant Decryption is allowed only in the terminal devices 6 and 7 that are executing the encryption / decryption software having the unique ID.

  The unique ID that can be specified in the unique ID setting area 43 is not limited. For example, even a unique ID that is not stored in the serial number table 70 or the group member table 71 of the database (unique ID related to an external member) is specified. Is possible.

  In this example, when the check box of the unique ID setting area 43 is checked, the terminal device 5 on the transmission side is automatically allowed to decrypt, but the terminal device 5 on the transmission side is also configured. In order to allow decryption, the unique ID related to the terminal device 5 on the transmission side must be input.

  In this example, the unique ID related to the USB memory and the unique ID related to the encryption / decryption software can be specified at the same time. However, these can be specified separately. Or can be configured to specify only.

  The group setting area 44 is an area for setting one or two or more specific groups as targets for which decoding is permitted. By checking the check box in this area and designating a group that allows decryption, all the terminal devices 6 connected to the USB memory having the unique ID belonging to the designated group and the designated group are assigned. Decryption is allowed only in all the terminal devices 6 that are executing the encryption / decryption software having the unique ID to which it belongs.

  In this example, based on the data (corresponding to the group member table 71) stored in the local database 22 synchronized so as to have the same contents as the database 12 of the server device 4, one or two or more to which the terminal device 5 belongs. The group is extracted, and the extracted one or two or more groups are displayed by genre. By selecting one or two or more groups from any one or two or more genres, decoding is allowed. To specify the group to be used.

  The database 12 (local databases 22 and 32) includes a group ID (data representing a group identification mark), a group name (such as “Tokyo branch” and “sales department”), and a company name (such as “A corporation”). ) Are stored in association with each other, and a group name or company name corresponding to the group ID is displayed on the display device 62 such as the terminal device 5.

  The external terminal device setting area 50 (not shown) is an area for setting the external terminal device 7 as a target for which decoding is permitted. The external terminal device setting area 50 may be configured to include, for example, an e-mail address designation area 50a (not shown) and a check box (not shown). The check box in this area is checked, and an external terminal mail address (a known electronic mail address used in the external terminal device 7) is input into the electronic mail address designation area 50a.

  Also, the external terminal device setting area 50 is provided with a notification mode designation area 50b (not shown) of the use ID of the decryption-dedicated software (hereinafter sometimes simply referred to as “use ID”). , The usage ID notification mode is designated.

  In this example, as a usage ID notification mode, an automatic notification mode in which the server device 4 that has received a usage ID notification request from the external terminal device 7 automatically transmits a usage ID to the external terminal device 7, and an external terminal There is an approval waiting mode for notifying the terminal device 5 on the transmitting side that there has been a usage ID notification request from the device 7, and it is configured so that a notification mode of any usage ID can be designated.

  When the approval waiting mode is designated as the usage ID notification mode, whether or not to transmit the usage ID in the terminal device 5 on the transmission side that has received a notification from the server device 4 that there has been a usage ID notification request. Only when it is determined to be transmitted, the usage ID is transmitted to the external terminal device 7 directly or via the server device 4.

  By checking the check box in the decryptable count limit setting area 46 and specifying the number of times that decryption is possible, the number of times that decryption can be performed in the encryption / decryption software can be limited. In this example, the designation of the number of times that decoding can be performed is not essential, but the designation may be mandatory.

  While the check box of the decryptable period limit setting area 47 is checked, either a time limit or a date limit is selected with a radio button as a limit mode, and a time that can be decrypted in accordance with the selected limit mode Alternatively, by specifying the last date that can be decrypted, the decryptable period can be limited. In this example, it is not essential to specify a period in which decryption is possible, but it may be configured to make the specification mandatory.

  In this way, when the confirmation button 48 is operated after the protection conditions are set, for example, a setting item list screen (not shown) is displayed on the display device 62 of the terminal device 5 and a decision button ( The terminal device 5 executes step S22 shown in FIG. 5 on the condition that (not shown) is operated. If the cancel button 49 is operated before the confirmation button 48 is operated, the setting of the protect condition is cancelled.

  As shown in FIG. 5, in step S <b> 22, the terminal device 5 determines what the decryption permission target set in the decryption permission target setting area 45 of the protection condition setting screen 40 is.

  When the terminal device 5 determines that the decryption permission target is a specific group of one or more, all the devices belonging to the group are based on the data stored in the local database 22 (corresponding to the group member table 71). The unique ID is read, an encryption key is generated based on all the read unique IDs, and an encrypted file is generated by encrypting the plaintext file using this encryption key (step S23).

  This encryption key is configured such that the encrypted file can be decrypted only with a decryption key generated based on any one of the unique IDs constituting all the groups related to the designation. Of course, the decryption key cannot be generated based on the encryption key. Although the encryption / decryption method is not particularly limited, for example, AES256 can be used.

  In addition, the process in step S23 is not limited to the said method, For example, it can also perform by the following method.

  That is, when determining that the decryption permission target is a specific group of one or more, the terminal device 5 generates an encryption key based on the group ID of the group (see the group member table 71), and this encryption key It is also possible to generate an encrypted file by encrypting a plain text file using. If this method is used, even if there are many unique IDs belonging to the group, the data amount of the encryption key can be reduced, which is convenient.

  If the terminal device 5 determines in step S22 that the decryption permission target is a specific unique ID, the terminal device 5 generates an encryption key based on all the specified unique IDs, and encrypts the plaintext file using this encryption key. As a result, an encrypted file is generated (step S24).

  This encryption key is configured such that the encrypted file can be decrypted only with a decryption key generated based on any one of the unique IDs related to the designation.

  If the terminal device 5 determines in step S22 that the decryption permission target is its own terminal device 5, the terminal device 5 generates an encryption key based on the unique ID associated with its own terminal device 5, and uses this encryption key. An encrypted file is generated (step S25).

  This encryption key is configured such that the encrypted file can be decrypted only with the decryption key generated based on the unique ID associated with its own terminal device 5.

  When the terminal device 5 determines in step S22 that the decryption permission target is the external terminal device 7, the decryption can be performed only by the dedicated decryption software provided from the server device 4 to the external terminal device 7 later. The encrypted file is generated by encrypting the electronic file using the serial number of the decryption-dedicated software (see the permission target table 74) (step S26).

  For this reason, any other unique ID is not used for the encryption in step S26. Of course, protection conditions other than the decryption permission target setting area 45 (see FIG. 8) can be set.

  As shown in FIG. 5, the terminal device 5 next determines whether or not a password is set in the password setting area 41 of the protect condition setting screen 40 (step S28), and the password is not set. Ends the encryption process as it is, and if a password is set, the encrypted file is password-locked using the designated password (step S29), and the encryption process ends.

  At the end of the encryption process, of the protection conditions specified in the encryption process, data used in the subsequent process, for example, a password for releasing the password lock, a notification mode of the password, a notification mode of the usage ID ( OTUID notification mode), the external terminal mail address is associated with the file ID of the encrypted file generated in the encryption process together with the owner ID (that is, the serial ID) that identifies the terminal device 5 on which the encryption process has been executed. And stored in the file ID table 73 of the database 12.

  In the case where the designated password notification mode is the approval waiting mode and the password is configured to be transmitted directly from the terminal device 5 on the transmission side to the terminal device 6 on the reception side, the password is stored in the server. There is no need to transmit to the device 4 and store it in the file ID table 73.

  Among the protection conditions, the decryption permission target is stored in the permission target table 74 of the database 12 in association with the file ID.

  At the end of the encryption process, the authentication data notification request link data that is link data to the authentication data notification request site, which is the site that accepts the authentication data notification request, is also generated in the server device 4. In this example, password notification request link data that is link data to a password notification request site that is a site that accepts a password notification request in the server device 4, and use that is a site that accepts a usage ID notification request in the server device 4. Usage ID notification request link data, which is link data to the ID notification request site (decryption-dedicated software download site), is generated.

  The link data includes the file ID, and the server device 4 is configured to acquire the file ID when the site is accessed according to the link data. .

  Returning to FIG. 4, next, the encrypted file is delivered to the terminal device 6 on the receiving side or the external terminal device 7 (step S3). The method for delivering the encrypted file is not particularly limited, and examples thereof include attachment to an e-mail, file transfer, mailing, and carrying.

  Next, in the receiving terminal device 6 or the external terminal device 7, a decryption process is performed on the transferred encrypted file (step S4).

  FIG. 6 shows a detailed flowchart in the decoding process. The procedure shown in FIG. 6 is an example when the encrypted file is delivered by attachment to an e-mail, but the decryption process is performed in substantially the same manner when delivered by another method. .

  In step S40, when the terminal device that performs the decryption process is the receiving-side terminal device 6, the receiving-side terminal device 6 can use the encryption / decryption software. The process of step S42 is executed.

  On the other hand, when the terminal device that performs the decryption process is the external terminal device 7 in step S40, the external terminal device 7 cannot use the encryption / decryption software that constitutes the system 2, and therefore the external terminal The device 7 acquires decryption-dedicated software via the server device 4 (step S41).

  The method for obtaining the decoding-dedicated software is not particularly limited, but can be realized by the following method, for example.

  In step S3, the e-mail attached with the encrypted file is sent from the terminal device 5 on the transmission side to the external terminal device 7. In the body of this e-mail, the decryption-dedicated software download site of the server device 4 is sent. Link data, that is, use ID notification request link data is pasted. The link data is pasted on the body of the e-mail, for example, by an operator of the terminal device 5 on the transmission side.

  In step S3, the transfer of the encrypted file to the external terminal device 7 can also be executed by a file transfer method performed via the server device 4. In this case, the operator of the terminal device 5 uploads the encrypted file to the server device 4 and transmits an e-mail addressed to the external terminal mail address directly or via the server device 4. The usage ID notification request link data is pasted in the body of the e-mail.

  Regardless of the delivery method, the external terminal device 7 that has received the e-mail clicks on the link data and accesses the download site of the decryption-only software of the server device 4 so that the decryption-only software and its use are used. ID can be acquired.

  The method for obtaining the decryption-dedicated software and its use ID is not particularly limited, but can be performed by the following method, for example.

  That is, when the link data is clicked to access the download site for the decryption dedicated software, the server device 4 can acquire the file ID included in the link data.

  On the other hand, when accessing the download site, the user is prompted to input an e-mail address to the external terminal device 7 at the download site. In response, the e-mail address that received the e-mail attached with the encrypted file is input from the external terminal device 7.

  Based on the file ID table 73, the server device 4 determines whether the external terminal mail address stored in correspondence with the acquired file ID matches the input electronic mail address.

  If they match, it is determined that the input e-mail address is a genuine external terminal mail address, and the server apparatus 4 displays link data for downloading the decryption-dedicated software on the download site.

  By clicking on this link data in the external terminal device 7, the decryption dedicated software is downloaded to the external terminal device 7. The decryption-dedicated software downloaded at this time has a serial number (allowable target ID) stored in the allowable target table 74 in association with the file ID.

  This decryption-dedicated software cannot be activated unless a usage ID is input.

  Based on FIG. 12, the usage ID notification process for notifying the external terminal device 7 of the usage ID will be described.

  The server device 4 reads data in the OTUID notification mode (utilization ID notification mode) corresponding to the acquired file ID from the file ID table 73 (step S50). If the data in the OTUID notification mode is “automatic notification”, the usage ID is notified to the external terminal device 7 (steps S51 and S58). The notification method is not limited. For example, immediately after the download of the decryption-only software by the external terminal device 7 is completed, the notification is displayed on the download site or in an e-mail addressed to the external terminal mail address. Can be.

  On the other hand, if the data in the OTUID notification mode is “waiting for approval”, the server apparatus 4 sets the usage ID request flag (flag value = 1) as the authentication data request received data, the acquired file ID, and the second The data is written in the authentication data request status table 75 in association with the external terminal mail address as the specific data (step S52).

  The terminal device 5 on the transmission side searches the database 12 of the server device 4 at predetermined time intervals (for example, every 5 minutes), and based on the file ID table 73 and the authentication data request status table 75, It is determined whether there is a usage ID request flag (flag value = 1) corresponding to the file ID associated with the unique ID related to the terminal device 5 (step S53).

  In addition, in order to execute the search process (monitoring process) by the terminal device 5 on the transmission side, it is necessary that the encryption / decryption software constituting the system 2 is resident in the terminal device 5. However, in order to reduce the load due to the resident operation, the resident operation can be performed only for a certain period (for example, three days) after the encryption process. After the resident operation period has elapsed, the above search processing can be executed by appropriately operating encryption / decryption software.

  When the use ID request flag (flag value = 1) is found in the search process, the transmission-side terminal device 5 displays the authentication data request status table 75 on the display device 62 of the terminal device 5. The fact that the usage ID notification request has been received from the external terminal device 7 specified by the external terminal mail address (second specific data) corresponding to the usage ID request flag (flag value = 1) is displayed (step S54).

  As shown in FIG. 11, the display is configured to be performed using a pop-up window 80 in the display screen 89 of the display device 62. In the pop-up window 80, a message display area 81, a permission button 82, and a non-permission button 83 are arranged.

  In the message display area 81, a message including the date and time when the usage ID notification request arrives at the server device 4, the external terminal mail address, and a display indicating that the usage ID notification request has arrived is displayed. The operator of the terminal device 5 on the transmission side sees this message and determines whether or not to permit use ID transmission to the external terminal device 7 related to the external terminal mail address.

  When the result of the use ID transmission approval / disapproval determination is input from the permission button 82 and the disapproval button 83 of the pop-up window 80 (step S55), the server device 4 uses the flag value of the use ID request flag in the authentication data request status table 75. Is set to “0” (step S56).

  When the operator of the transmission-side terminal device 5 determines that the use ID transmission is not permitted and the non-permission button 83 is operated, the server device 4 does not transmit the use ID to the external terminal device 7 (step S57, Step S59). On the other hand, when it is determined that transmission of the usage ID is permitted and the permission button 82 is operated, the server device 4 transmits the usage ID to the external terminal device 7 using, for example, an electronic mail addressed to the external terminal mail address ( Step S58).

  In this way, the external terminal device 7 can acquire the decryption-dedicated software and its use ID via the server device 4.

  Note that the notification that the usage ID notification request has arrived can also be made using an e-mail to the terminal device 5 on the transmission side.

  That is, if the data in the OTUID notification mode is “waiting for approval”, the server apparatus 4 uses the unique ID related to the terminal apparatus 5 on the transmission side obtained based on the file ID table 73, the serial number table 70, and the user table 72. An e-mail inquiring whether to approve the transmission of the usage ID to the external terminal device 7 is transmitted to the e-mail address corresponding to.

  In the electronic mail, link data to a site for inputting permission / denial to transmit the usage ID to the external terminal device 7 is described. In the terminal device 5 on the transmitting side, the site for inputting the approval / disapproval is accessed according to the link data, and the approval / disapproval of transmitting the usage ID to the external terminal device 7 is input. When the input data is “not permitted (rejected)”, the server device 4 does not transmit the usage ID to the external terminal device 7. When the input data is “permitted (approved)”, the server device 4 transmits the usage ID to the external terminal device 7 using, for example, an electronic mail addressed to the external terminal mail address.

  Returning to FIG. 6, the processing after step S42 will be described. Since the processing in step S42 and subsequent steps is common to the case of the receiving terminal device 6 and the case of the external terminal device 7, the case of the receiving terminal device 6 will be described as an example.

  When the encryption / decryption software is operated in the receiving-side terminal device 6 that performs the decryption process, the CPU 61 of the receiving-side terminal device 6 (hereinafter simply referred to as “terminal device 6”) may be used. Then, monitoring of the input of the encrypted file is started (step S42).

  The input of the encrypted file to the terminal device 6 is performed by, for example, dragging the icon of the encrypted file to the encrypted file input area of the input screen (not displayed) displayed on the display device 62 of the terminal device 6. It is executed by dropping. This operation corresponds to a decryption instruction.

  When the encrypted file is input, the terminal device 6 determines whether or not the encrypted file is password-locked (step S43). If the password is not locked, the control proceeds to step S45, where the password is locked. If it is locked, a password unlock process is performed (step S44).

  In the password unlock processing, the receiving terminal device 6 transmits a password notification request to the server device 4. The method of transmitting the password notification request is not particularly limited. For example, the password notification request link data described in the body of the email attached with the encrypted file received from the terminal device 5 on the transmission side. By clicking. The link data for requesting password notification is described (pasted) in the body of the e-mail to which the encrypted file is attached, for example, by the operator of the sender terminal device 5.

  In step S3, the encrypted file can be delivered to the terminal device 6 on the receiving side by a file transfer method performed via the server device 4. In this case, the operator of the terminal device 5 uploads the encrypted file to the server device 4, and transmits an e-mail addressed to the e-mail address of the receiving terminal device 6 directly or via the server device 4. To do. The password notification request link data is pasted in the body of the e-mail.

  Regardless of the delivery method, the file ID of the encrypted file is automatically added to the password notification request link data, and when the link data is clicked, the server device 4 Get an ID.

  When the password notification request link data is clicked on the terminal device 6 on the receiving side, the terminal device 6 is prompted to input an e-mail address. In response, the e-mail address that received the e-mail attached with the encrypted file is input from the terminal device 6.

  The server device 4 corresponds to the unique ID included in the allowable target ID stored in correspondence with the acquired file ID based on the allowable target table 74, the group member table 71, the serial number table 70, and the user table 72. It is determined whether the electronic mail address of the terminal device 6 matches the input electronic mail address.

  If they match, the server apparatus 4 determines that the input e-mail address is the e-mail address of the terminal apparatus 6 related to the decryption permission target, and uses the input e-mail address as the authentication data request status table 75. The second specific data is stored, and then a password notification process is performed.

  It should be noted that it is not always necessary to determine whether or not the electronic mail address of the terminal device 6 related to the decryption permission target matches the input electronic mail address.

  Incidentally, in the password unlock processing of the external terminal device 7, when the password notification request link data is clicked in the external terminal device 7, the terminal device 7 is prompted to input an e-mail address. In response, the e-mail address that received the e-mail attached with the encrypted file is input from the terminal device 7.

  Based on the file ID table 73, the server device 4 determines whether the external terminal mail address stored in correspondence with the acquired file ID matches the input electronic mail address.

  If they match, the server apparatus 4 determines that the input e-mail address is a genuine e-mail address of the terminal apparatus 7 related to the decryption permission target, and uses the input e-mail address as the authentication data request status. The data is stored as the second specific data in the table 75, and then a password notification process is performed.

  The password notification process will be described with reference to FIG.

  Based on the acquired file ID, the server device 4 reads data in the password notification mode corresponding to the file ID from the file ID table 73 (step S60).

  If the password notification mode data is “automatic notification”, the server device 4 reads the password corresponding to the file ID from the file ID table 73 and transmits it to the terminal device 6 on the receiving side (step S61, step S61). S68). This transmission method is not particularly limited. For example, the transmission method is transmitted using an e-mail addressed to the e-mail address of the terminal device 6 on the receiving side, which is input following the click of the above-described password notification request link data. The

  On the other hand, when the data in the password notification mode is “waiting for approval”, the server device 4 sets the password request flag (flag value = 1) as the authentication data request received data, the acquired file ID, and the second The specific data is written in the authentication data request status table 75 in association with the e-mail address of the terminal device 6 on the receiving side (step S62).

  The terminal device 5 on the transmission side searches the database 12 of the server device 4 at predetermined time intervals (for example, every 5 minutes), and based on the file ID table 73 and the authentication data request status table 75, It is determined whether or not there is a password request flag (flag value = 1) corresponding to the file ID associated with the unique ID related to the terminal device 5 (step S63).

  In addition, in order to execute the search process (monitoring process) by the terminal device 5 on the transmission side, it is necessary that the encryption / decryption software constituting the system 2 is residently operated in the terminal device 5. However, in order to reduce the load due to the resident operation, the resident operation can be performed only for a certain period (for example, three days) from the encryption process or the password lock process. After the resident operation period has elapsed, the above search processing can be executed by appropriately operating encryption / decryption software.

  When the password request flag (flag value = 1) is found in the search process, the transmission-side terminal device 5 displays the authentication data request status table 75 on the display device 62 of the terminal device 5. It is displayed that a password notification request has been received from the terminal device 6 on the receiving side specified by the e-mail address (second specifying data) corresponding to the password request flag (flag value = 1) (step S64).

  The display screen at this time is substantially the same as the display screen 89 shown in FIG. However, the e-mail address of the terminal device 6 on the receiving side is displayed in the message display area 81 instead of the external terminal e-mail address, and the password notification request arrives instead of the display indicating that the usage ID notification request has arrived. Is displayed.

  The operator of the terminal device 5 on the transmission side looks at this message and determines whether or not to permit password transmission to the terminal device 6 on the reception side related to the displayed electronic mail address.

  When the result of password transmission approval / disapproval determination is input from the permission button 82 and the non-permission button 83 of the pop-up window 80 (step S65), the server apparatus 4 sets the flag value of the password request flag in the password request status table 75 to “0”. “(Step S66).

  When the operator of the terminal device 5 on the transmission side determines that the password transmission is not permitted and the non-permission button 83 is operated, the server device 4 does not transmit the password to the terminal device 6 on the reception side (Step S67, Step S69). On the other hand, when it is determined that the password transmission is permitted and the permission button 82 is operated, the server device 4 uses, for example, an e-mail addressed to the e-mail address of the receiving terminal device 6 to receive the password. It transmits to the apparatus 6 (step S68).

  In this way, the receiving-side terminal device 6 can obtain the password via the server device 4.

  The notification that the password notification request has arrived can be performed using an electronic mail to the terminal device 5 on the transmission side, as in the case of step S41 described above.

  Note that the terminal device 5 on the transmission side that has received notification from the server device 4 that there has been a password notification request can also be configured to transmit the password directly to the terminal device 6 on the reception side. Although this transmission method is not particularly limited, for example, transmission is performed using an e-mail obtained from the server device 4 and addressed to the e-mail address of the terminal device 6 on the receiving side.

  In this way, in the receiving terminal device 6 that has received the password notification, the password lock of the encrypted file is released using the password.

  Next, as shown in FIG. 6, the terminal device 6 on the receiving side has hardware (for example, USB memory) or software (for example, activated encryption / decryption software) used in the terminal device 6. The unique ID is read from the encrypted file, and the encrypted file is decrypted using the decryption key generated based on the read unique ID (step S45).

  In the description of step S23, as another example of the encryption method when the decryption permission target is a specific group of one or more, based on the group ID of the group (see the group member table 71). The configuration of generating an encrypted file by generating an encryption key and encrypting a plain text file using the encryption key has been described. A decryption method in this case will be described.

  In this case, the terminal device 6 on the receiving side reads and reads the unique ID from hardware (for example, USB memory) or software (for example, activated encryption / decryption software) used in the terminal device 6. It is determined which group the unique ID belongs to based on the serial number table 70 and the group member table. In this way, the group ID corresponding to the read unique ID can be read from the database 12.

  The terminal device 6 on the receiving side can decrypt the encrypted file using the decryption key generated based on the read group ID.

  In the case of encryption, when other protection conditions, such as the number of times that decryption can be performed and the period during which decryption is possible, shown on the display screen 40 in FIG. Only when the condition is satisfied, the encrypted file can be decrypted.

  In this manner, the encrypted file is decrypted in the terminal device 6 on the receiving side.

  On the other hand, when the decoding in step S45 is executed in the external terminal device 7, it is different from the case of the receiving side terminal device 6.

  When decryption is executed in the external terminal device 7, the external terminal device 7 sends the encrypted file received from the terminal device 5 on the transmission side in step S3 via the server device 4 in step S41. Decryption is performed using the obtained decryption-dedicated software and its use ID.

  As mentioned in the description of step S26 above, since only the serial number of the decryption dedicated software is used at the time of encryption, the encrypted file can be decrypted only by the decryption dedicated software. Yes. When a protection condition other than the decryption permission target setting area 45 (see FIG. 8) is set, decryption is performed on the condition that the condition is satisfied.

  In this way, the decryption process (step S4) ends, and the file transfer process is completed.

  In the above-described embodiment, the identification ID that can be directly recognized from the hardware or software by the encryption / decryption software constituting the system, such as a hardware or software serial number, is described as an example of the unique ID. However, the present invention is not limited to this. The identification ID that can be recognized indirectly by hardware or software by the encryption / decryption software can be used as the unique ID.

  For example, the owner ID shown in the serial number table 70 can be a unique ID. With this configuration, at the time of encryption, an encryption key is generated using an owner ID as a unique ID, and prior to decryption, a serial number directly recognized by the encryption / decryption software is stored in a database (above The serial number table 70) can be used to convert the owner ID. In this way, decryption is possible using the owner ID that is the unique ID.

  In such a configuration, by setting the data length of the owner ID to be shorter than the data length of the serial number, the data amount of the encryption key can be kept small even for an encryption key including a large number of unique IDs.

  In this case, the encryption / decryption software recognizes the owner ID as the unique ID indirectly from the hardware or software via the database. If the encryption / decryption software and the database are interpreted as an integrated system, the system recognizes the owner ID as the unique ID directly from the hardware or software.

  In any case, when a solid identification mark (for example, an owner ID) that cannot be directly recognized by the encryption / decryption software is used as a unique ID, a pair is formed with the solid identification mark that can be directly recognized. It is sufficient to provide a means (for example, a conversion table such as the serial number table 70 or an arithmetic conversion means) capable of mutual conversion to 1. The present invention includes such a configuration.

  In the above-described embodiment, the case where the server device and each terminal device are each configured using one computer has been described as an example, but the present invention is not limited to this. The server device can also be configured by two or more computers. In this case, the two or more computers can be connected via the information communication means 8.

  Also, one terminal device can be configured by two or more computers. Also in this case, the two or more computers can be connected via the information communication means 8.

  In this case, for example, a function corresponding to each function of the terminal device 5 is provided to a terminal device equipped with a web browser from a web server (not shown) in an ASP (Application Service Provider) system. You can also. The same applies to the other terminal apparatuses 6, 7, and 9.

  Step S2 shown in FIG. 4 corresponds to a part of the encryption processing unit 20 of the terminal device 5 on the transmission side and the server side control unit 10 of the server device 4 in FIG. Part of step S3 shown in FIG. 4 corresponds to part of the information communication means 8 in FIG. Step S4 shown in FIG. 4 corresponds to the decryption processing unit 30 of the terminal device 6 on the receiving side and the other part of the server side control unit 10 of the server device 4 in FIG. Step S29 shown in FIG. 5 corresponds to the password lock processing unit 21 of the terminal device 5 on the transmission side in FIG. Step S44 illustrated in FIG. 6 corresponds to the password lock release processing unit 31 of the terminal device 6 on the receiving side in FIG. Step S52 shown in FIG. 12 and step S62 shown in FIG. 13 correspond to the authentication data request received data storage control unit 24 of the server device 4 of FIG. Step S54 illustrated in FIG. 12 and step S64 illustrated in FIG. 13 correspond to the authentication data request notification control unit 23 of the terminal device 5 on the transmission side in FIG.

  In this embodiment, as a recording medium storing a program on the server device 4 side of the electronic file transfer system 2, a hard disk mounted on the HDD is exemplified, and a program on the terminal device 5, 6, 7 side is stored. The flash memory mounted on the SSD is exemplified as the recording medium, but the recording medium storing the program is not limited to these, and examples of the recording medium storing the program include an external memory card, a CD- ROM, DVD-ROM, flexible disk, and magnetic tape can also be used. Further, the main storage device can also be used as a recording medium storing a program.

  In addition, the distribution mode of the program is not particularly limited, and the program may be distributed via a wired or wireless information communication unit in addition to distributing the program stored in a recording medium.

  The recording mode of the program is not particularly limited. In addition to being stored or distributed in a recording medium in a form that can be directly executed, it can be stored or distributed in a recording medium in a compressed form so as to be decompressed and used, for example.

  In each of the above-described embodiments, the case where each function of FIG. 2 is realized by using a computer has been described as an example. However, part or all of these functions are configured using hardware logic. May be.

  Further, the above-described block diagram, hardware configuration, flowchart, database configuration, display screen configuration, and the like are given as examples, and the present invention is not limited thereto.

  Although the present invention has been described above as a preferred embodiment, the terminology has been used for description rather than limitation and departs from the scope and spirit of the present invention. Without departing from the scope of the appended claims. Also, while the above describes only some exemplary embodiments of the present invention in detail, those skilled in the art will recognize the exemplary implementations described above without departing from the novel teachings and advantages of the present invention. It will be readily appreciated that many variations in form are possible. Accordingly, all such modifications are intended to be included within the scope of the present invention.

  In addition, this invention can also be grasped | ascertained as follows.

  [Invention A]

  In the electronic file transfer system according to the third invention of the present application,

  The database further stores the unique ID related to the terminal device on the transmitting side and the unique ID related to the terminal device on the receiving side in one or more groups.

  The disabling processing unit is specified when an electronic file disabling command is input that includes specification of a specific group to which a unique ID related to the transmission-side terminal device belongs among the groups stored in the database. The electronic file is configured to be disabled using a disabling key configured so that the electronic file can be used only with an enabling key generated based on one of the unique IDs constituting the group. Was it,

  An electronic file transfer system characterized by

  [Invention B]

  In the electronic file transfer system of the invention A,

  The database stores a plurality of different groups in association with one unique ID,

  The disabling processing unit further includes an electronic file disabling instruction with designation of one or more specific groups to which the unique ID related to the terminal device on the transmitting side belongs among the groups stored in the database. When input, the electronic file is made using the disabling key configured so that the electronic file can be used only with the enabling key generated based on any of the unique IDs constituting all the specified groups. Configured to make the file unavailable,

  An electronic file transfer system characterized by

  Moreover, the invention grasped in this way has the following effects.

  [Invention A]

  According to the information communication system of the invention A, when it is permitted to share the contents of a confidential electronic file only within the same organization, for example, within the same department in the company, use of members belonging to the organization By setting a group having a hardware or software unique ID as a constituent element, it is possible to easily prevent the contents of the electronic file from leaking outside the organization.

  In this case, by designating a group, all unique IDs belonging to the group are designated, so in particular when there are a large number of members of the organization, the operation is easier than when individually designated. Moreover, it is possible to prevent omission of specification and erroneous sending.

  [Invention B]

  According to the information communication system according to the invention B, when a member belonging to a certain group also belongs to one or more other groups, a unique ID related to the hardware and software used for each group is obtained. If you set a group, you can select one or more organizations from multiple organizations to which you belong, and deliver the disabled electronic file according to the contents of the electronic file. Can do.

  For this reason, for example, if a superimposing group that assumes the contents of various electronic files is set for each member, the range of sharing a certain type of electronic file may become wider or narrower than necessary. Can be prevented.

For this reason, according to the content of an electronic file, the range which can deliver an electronic file can be set finely, maintaining the confidentiality of an electronic file.

4: Server device 5: Transmission-side terminal device 6: Reception-side terminal device 12: Database 23: Authentication data request notification control unit 24: Authentication data request received data storage control unit

Claims (11)

An electronic file exchange system comprising a first terminal device and a second terminal device capable of communicating information between a server device comprising a database and the server device via an information communication means,
The server device includes a server-side control unit that performs control processing in the server device,
The first terminal device includes a first control unit that performs control processing in the first terminal device,
The second terminal device includes a second control unit that performs control processing in the second terminal device,
When the server-side control unit receives an authentication data notification request including a file ID that is an identification mark of the electronic file, from the second terminal device, the authentication data notification request for requesting notification of authentication data regarding the electronic file. Authentication data request received data indicating that an authentication data notification request has been received is stored in the database in association with the file ID and second specifying data that is data specifying the second terminal device. A data request received data storage control unit,
The first control unit searches the database of the server device, and when there is authentication data request received data associated with a file ID of an electronic file for which the first terminal device has authorization authority for authentication data transmission. Based on the database, in the first terminal device, by notifying that the authentication data notification request has been received from the second terminal device specified by the second specific data corresponding to the authentication data request received data, An authentication data request notification control unit configured to support determination of whether or not to permit authentication data transmission to the second terminal device by the first terminal device;
An electronic file transfer system characterized by The electronic file transfer system according to claim 1,
When notifying that the authentication data notification request has been received from the second terminal device in the first terminal device, the authentication data request notification control unit displays a pop-up window on the display device of the first terminal device. Was configured,
An electronic file transfer system characterized by In the electronic file transfer system according to any one of claims 1 to 2,
The system includes a transmission-side terminal device as the first terminal device, and one or more reception-side terminal devices as the second terminal device,
The first control unit of the terminal device on the transmission side is
Two or more of a unique ID that is an individual identification mark of hardware or software used in the terminal device on the transmission side and a unique ID of hardware or software used in one or more of the terminal devices on the reception side When an instruction to disable the use of an electronic file with designation of a unique ID is input, the electronic file can be made usable only with an enabling key generated based on one of the designated unique IDs. A disabling processor configured to disable the electronic file using the disabling key and store the file ID of the electronic file in the database via the server device,
With
The second control unit of the terminal device on the receiving side is
When an instruction for enabling an electronic file that has been made unavailable is input, a unique ID is acquired from the hardware or software used in the terminal device on the receiving side, and generated based on the acquired unique ID An enabling processing unit for making the disabled electronic file available using the enabling key;
With
The disabling processor is
A password lock processing unit that locks the electronic file using the specified password when the disable instruction includes the designation of a password as authentication data;
The enabling processing unit includes:
When an electronic file that has been disabled and the electronic file acquired together with the file ID of the electronic file is password-locked, the electronic file is notified based on a password notification request as an authentication data notification request to the server device. A password lock release processing unit that acquires the password and releases the password lock using the acquired password,
An electronic file transfer system characterized by In the electronic file transfer system according to any one of claims 1 to 2,
The system
A transmission-side terminal device as the first terminal device, and an external terminal device as a second terminal device specified by an e-mail address,
The first control unit of the terminal device on the transmission side is
Temporarily usable software provided from the server device when an instruction to disable the use of an electronic file accompanied by the designation of the external terminal device by an external terminal email address that is an email address of the external terminal device is input A disable processing unit configured to disable the electronic file so that it can be used only, and to store the file ID of the electronic file in the database via the server device,
The second control unit of the external terminal device is
When an instruction to enable use of an electronic file that has been disabled and is acquired together with the file ID of the electronic file is input, based on the use ID notification request as an authentication data notification request to the server device The disabled electronic file can be used by using the temporarily usable enabling software that is made available by the use ID for using the temporarily usable enabling software notified. An enabling processing unit configured to
An electronic file transfer system characterized by The electronic file transfer system according to claim 4,
The disabling processor is
A password lock processing unit that locks the electronic file using the specified password when the disable instruction includes the designation of a password as authentication data;
The enabling processing unit includes:
When an electronic file that has been disabled and the electronic file acquired together with the file ID of the electronic file is password-locked, the electronic file is notified based on a password notification request as an authentication data notification request to the server device. A password lock release processing unit that acquires the password and releases the password lock using the acquired password,
An electronic file transfer system characterized by   6. The server device used in the electronic file transfer system according to claim 1.   The said 1st terminal device used for the electronic file transfer system in any one of Claim 1 thru | or 5.   The said 2nd terminal device used for the electronic file transfer system in any one of Claim 1 thru | or 5.   A computer is caused to function as a server-side control unit of the server device of claim 6, a first control unit of the first terminal device of claim 7, or a second control unit of the second terminal device of claim 8. program.   A recording medium storing the program according to claim 9. Using an electronic file transfer system including a server device including a database and a first terminal device and a second terminal device capable of communicating information with the server device via an information communication unit An electronic file exchange method to be performed,
A server-side control step in which the server device performs control processing in the server device;
A first control step in which the first terminal device performs control processing in the first terminal device;
A second control step in which the second terminal device performs control processing in the second terminal device;
With
When the server-side control step receives an authentication data notification request including a file ID, which is an identification mark of the electronic file, from the second terminal device, an authentication data notification request for requesting notification of authentication data regarding the electronic file. Authentication data request received data indicating that an authentication data notification request has been received is stored in the database in association with the file ID and second specifying data that is data specifying the second terminal device. A data request received data storage control step,
The first control step searches the database of the server device, and when there is authentication data request received data associated with the file ID of the electronic file for which the first terminal device has authorization authority for authentication data transmission. Based on the database, in the first terminal device, by notifying that the authentication data notification request has been received from the second terminal device specified by the second specific data corresponding to the authentication data request received data, An authentication data request notification control step configured to support the determination of whether or not to permit authentication data transmission to the second terminal device by the first terminal device;
An electronic file exchange method characterized by the above.