JP2022037965A - Control program, control method, and control apparatus - Google Patents

Abstract

To reduce the risk of information leakage.SOLUTION: A computer executes processing of: determining whether a display device embedded in or connected to an information processing apparatus which has made a request to display a file satisfies a display condition on the display device which indicates requirements for permitting display of the file; displaying the file on the display device when the display device satisfies the display condition as a result of the determination; and controlling the file not to be displayed on the display device when the display device does not satisfy the display condition.SELECTED DRAWING: Figure 14

Description

Regarding control programs, control methods and control devices.

For companies (or various public organizations, etc.), if confidential information for maintaining social safety and competitiveness is leaked to a third party, it is expected to cause great damage such as credit loss and economic loss. .. Therefore, as a measure against information leakage, access authority to the secret file containing confidential information is given only to the user who is permitted to view it, and access to the secret file from a third party to whom the access authority is not granted is prohibited. ..

Japanese Unexamined Patent Publication No. 2007-233441

In recent years, there has been an increase in the number of people who work using information processing terminals outside the company, such as when they are on a business trip or on the move. Under such circumstances, if a user who is permitted to access the secret file is displaying the secret information on the display screen of the information processing terminal, a third party in the vicinity may peep or take a voyeur. Confidential information may be leaked.

According to one aspect, the purpose is to reduce the risk of information leakage.

In one embodiment, does the display device built into or connected to the information processing device that requested the computer to display the file satisfy the display device's condition and the display condition indicating the requirement for permitting the display of the file? If the display device meets the display conditions, the file is displayed on the display device, and if the display device does not meet the display conditions, the file is controlled not to be displayed on the display device. To execute.

According to one aspect, the risk of information leakage can be reduced.

FIG. 1 shows an overall configuration diagram according to this embodiment. FIG. 2 shows an example of a functional block diagram of the terminal 21. FIG. 3 shows an example of the terminal information 31. FIG. 4 shows an example of the file information 41. FIG. 5 shows an example of a functional block diagram of the server 51. FIG. 6 shows an example of the storage unit 53. FIG. 7 shows an example of the secret classification information 61. FIG. 8 shows an example of the policy pattern information 62. FIG. 9 shows an example of the terminal information 63. FIG. 10A shows an example of display information 64a. FIG. 10B shows an example of network segment information 64b. FIG. 10C shows an example of monitoring software information 64c. FIG. 10D shows an example of VPN software information 64d. FIG. 11 shows an example of processing of the terminal 21. FIG. 12 shows an example of the process of step S14. FIG. 13 shows an example of the processing of the server 51. FIG. 14 shows an outline of this embodiment. FIG. 15A shows an example of processing of the terminal 21. FIG. 15B shows an example of processing of the terminal 21. FIG. 16 shows an example of the hardware configuration according to this embodiment. FIG. 17 shows an example of a functional block diagram of the control device 171. FIG. 18 shows an example of the process according to this embodiment.

Examples of carrying out the present invention will be described with reference to the drawings. The embodiment described in the specification is one of the embodiments for realizing the invention, and the content, execution order, and the like of each process in the embodiment can be appropriately changed within the range in which the invention can be realized.

〔Example〕
First, an example of the problem to be solved in this embodiment will be described with reference to FIG.

FIG. 1 shows an overall configuration diagram according to this embodiment. Further, FIG. 1 is an information processing system including, for example, a management server 11 and terminals 13a, 14a, 16a, and 17a. The management server 11 provides various services and data to the terminals 13a and 14a through, for example, the communication network 12. Further, the management server 11 provides various services and data to the terminals 16a and 17a through, for example, the communication network 12 and the communication network 15. Further, the management server 11 is, for example, an information processing device such as a computer or a server device.

Hereinafter, in this embodiment, the information terminal user to which the legitimate authority for viewing the secret file is granted may be described as "user". Further, in this embodiment, the file for which the secret classification is set is described as "secret file".

The communication network 12 is, for example, an information communication network that connects various network devices in an organization by wire or wirelessly, and is an in-house network in a company. The communication network 12 is, for example, an intranet or the like.

The terminal 13a communicates with the management server 11 from the affiliated office 13 through the communication network 12, for example. The affiliated office 13 is, for example, an in-house office in which a department to which the user belongs is set up. The terminal 13a is, for example, an information processing terminal such as a computer or an information processing device.

The terminal 14a communicates with the management server 11 from the in-house office 14 through the communication network 12, for example. The in-house office 14 is, for example, an in-house office different from the affiliated office 13. The in-house office 14 includes, for example, an in-house sales office other than the affiliated office 13, an in-house satellite office, and the like. The terminal 14a is, for example, an information processing terminal such as a computer or an information processing device.

The communication network 15 is, for example, an information communication network that connects various networks and devices outside the organization by wire or wirelessly, and is an external network. The communication network 15 is, for example, the Internet.

The terminal 16a communicates with the management server 11 from the office 16 of another company through the communication network 15 and the communication network 12, for example. The other company's office 16 is, for example, an outside office, an office of a user's business partner, or the like. The terminal 16a is, for example, an information processing terminal such as a computer or an information processing device.

The terminal 17a communicates with the management server 11 from the public facility 17 through the communication network 15 and the communication network 12, for example. The public facility 17 is, for example, a public facility including public transportation. For example, in a public facility 17, the terminal 17a may be used while a user is on a business trip. The terminal 17a is, for example, an information processing terminal such as a computer or an information processing device.

Further, for example, the user may remotely control and use the OS (Operating System) desktop on the virtual machine built on the predetermined server by using the terminals 13a, 14a, 16a, 17a. The predetermined server may be configured to include, for example, the management server 11.

Further, the management server 11 may provide various services and data to the information processing terminals 16a and 17a through the communication network 12 without going through the communication network 15, for example.

For example, in a public facility 17 or the like, a user may perform business by displaying confidential information in the organization such as new product information before publication on the screen of the terminal 17a. At this time, there is a risk of information leakage such as a third party in the vicinity of the user of the information processing terminal 17a peeping at the confidential information displayed on the screen or taking a voyeur. Further, for example, even when a user performs business at another company's office 16, there is a risk of information leakage. For example, there are secret files such as personnel information and business strategy information that are only allowed to be viewed by specific users. With respect to such secret files, there is a risk of information leakage such as peeping or voyeurism from a person who is not permitted to view the secret file even when the business is performed in the company such as the affiliated office 13 or the in-house office 14.

On the other hand, there is an increasing number of people who work by using information processing terminals outside the company, such as when they are on a business trip or on the move. As a measure against information leakage in such cases, when using an information processing terminal outside the company, technical measures such as prohibiting access to secret files based on location information by GPS (Global Positioning System) etc. are taken. .. However, setting the location to allow access to secret files according to the work location in this way is excessive for the administrator because it requires work every time the permitted area is changed or added. It will be a burden. In addition, taking such measures for all terminals owned by companies, etc. requires the installation of monitoring sensors, etc. in each area, so from the viewpoint of time and cost required for installation, etc., It's not always easy.

In addition to prohibiting access to secret files, the information processing terminal with a WEB camera monitors the user and the back of the user, turns off the display screen when the user leaves the desk, and detects peeping behavior. However, there are measures by monitoring software such as notifying the user. Further, in order to prevent peeping, there are measures such as attaching a protective film that controls the viewing angle of the display screen of the information processing terminal. However, if the user is given access to the secret file, the secret file can be disclosed even on a terminal that does not have monitoring software installed or a protective film attached, so there is a risk of information leakage if it is displayed on the screen. Will occur. In addition, measures such as monitoring software and protective films may impair the business efficiency of the user if the user does not display the confidential information on the screen.

Furthermore, not all files that the user wants to display on the screen of the terminal are highly confidential files. Therefore, there is a need to control the display (or non-display) of the secret file only for terminals for which information leakage countermeasures have been taken, according to the type (or importance) of the secret information contained in the secret file. Occurs.

In this embodiment, as an example, when appropriate information leakage measures are taken on the information processing terminal and the screen of the information processing terminal, a means for preventing information leakage by controlling so that confidential information can be displayed on the screen. explain.

Further, in the present embodiment, for example, information leakage means that confidential information is leaked to a person who is not permitted to view confidential information, and information leakage risk is a risk of leakage of confidential information. It shall mean sex.

[Functional block]
FIG. 2 shows an example of a functional block diagram of the terminal 21. The terminal 21 is, for example, an information processing terminal such as a computer or an information processing device including the terminals 13a, 14a, 16a, 17a shown in FIG. Further, the terminal 21 includes, for example, a stationary desktop PC (Personal Computer), a notebook PC, a tablet PC, a smartphone, and the like. The terminal 21 includes, for example, a collection unit 22, a detection unit 23, a storage unit 24, an acquisition unit 25, a communication unit 26, an output unit 27, and the like. Further, the terminal 21 includes a display device 28. The display device 28 includes, for example, a display unit 29 and the like. However, the terminal 21 and the display device 28 may be, for example, a form connected by a cable or the like, or may be a form in which the terminal 21 and the display device 28 are integrated. The display device 28 is an output device that displays a video signal such as a still image or a moving image, for example.

For example, the collecting unit 22 collects the terminal information 31 described later from the terminal 21, and collects the file information 41 described later from the secret file detected by the detecting unit 23. Further, the collecting unit 22 outputs, for example, the collected information to the storage unit 24.

The detection unit 23 detects, for example, that the terminal 21 opens (opens) a secret file. As an example, the detection unit 23 communicates with the management server 11 shown in FIG. 1 by the communication unit 26, and detects that the terminal 21 is trying to access the secret file. Further, as an example, the detection unit 23 detects that the terminal 21 closes (closes) the secret file displayed on the display unit 29.

The storage unit 24 stores the terminal information 31, which will be described later, the file information 41, which will be described later, and the determination result received by the communication unit 26, which is collected by the collection unit 22. Further, the storage unit 24 stores, for example, a secret file to be accessed by the terminal 21. The storage unit 24 outputs, for example, the stored information to the acquisition unit 25. Further, the determination result is, for example, information indicating whether or not the terminal 21 is permitted to display the secret file detected by the detection unit 23 on the display device 28.

The acquisition unit 25 acquires the terminal information 31 and the file information 41 described later stored in the storage unit 24, and outputs the acquired terminal information 31 and the file information 41 to the communication unit 26. Further, the acquisition unit 25 acquires the determination result stored in the storage unit 24 and outputs the acquired determination result to the output unit 27.

The communication unit 26 receives the terminal information 31 and the file information 41 described later from the acquisition unit 25, and transmits the received terminal information 31 and the file information 41 to the management server 11 shown in FIG. Further, the communication unit 26 receives the determination result from the management server 11 shown in FIG. 1, and outputs the received determination result to the storage unit 24.

The output unit 27 receives the determination result from the acquisition unit 25, and outputs the secret file to the display unit 29 when the file display is permitted.

The display unit 29 displays the secret file received from the output unit 27 on the display device 28 in a format that can be recognized by the user. The display unit 29 displays screen data corresponding to a secret file on, for example, a liquid crystal display provided in the display device 28, an organic EL (Electro Luminescence) display, or the like. Further, for example, when the display device 28 is a projector, the display unit 29 uses the projector to project screen data corresponding to the secret file.

Further, the terminal 21 may access, for example, a document server (not shown) and store a part or all data of the secret file provided (or stored) by the document server in the storage unit 24. Further, the collecting unit 22 may collect the file information 41 described later from the document server, for example. The document server is, for example, an information processing device such as a computer or a server device.

[Terminal information]
FIG. 3 shows an example of the terminal information 31. The terminal information 31 is information about the terminal 21 (or the display device 28). The terminal information 31 includes, for example, a terminal name 32, a display information 33, a network segment 34, a monitoring software 35, and a VPN (Virtual Private Network) software 36.

The terminal name 32 is information for identifying the terminal. As an example, it is assumed that the terminal name 32 related to the terminal 21 is "PC001".

The display information 33 is information about the display device 28. The display information 33 includes, for example, the serial number, the manufacturer, and the model number of the display device 28 (or the terminal 21 if the terminal 21 and the display device 28 are integrated). The serial number is information that uniquely identifies the display device 28. By including the serial number, for example, the server 51 described later can identify the display device 28 provided with the viewing angle control function (not shown). The display device with a viewing angle control function is, for example, a display device for preventing information leakage, in which the display screen of the display device 28 is controlled so as to be difficult to see from the side with respect to the front. The details of the serial number will be described later with reference to FIG. Further, the manufacturer is information indicating the manufacturer of the display device 28. The model number is information that identifies the model of the display device 28. In FIG. 3, as an example, it is shown that the serial number of the display device 28 corresponding to the terminal 21 identified by the terminal name “PC001” is “AXXXXXXX”. Further, it is shown that the manufacturer of the display device 28 corresponding to the terminal 21 identified by the terminal name "PC001" is "Company F". Further, it is shown that the model number of the display device 28 corresponding to the terminal 21 identified by the terminal name "PC001" is "F0000". Further, the terminal 21 acquires the display information 33 by using, for example, the API (Application Programming Interface) of the OS.

The network segment 34 is, for example, address information indicating a network segment that the terminal 21 is passing through to connect to the server 51 shown in FIG. 5 via a network. As an example, the network segment 34 included in the terminal information 31 is assumed to be "10.XXX.XXX.XXX" in IPv4 (Internet Protocol version 4) address notation. Further, the network segment 34 is not necessarily limited to the address notation shown in FIG. That is, the network segment 34 may be, for example, information that can uniquely identify the network segment.

The monitoring software 35 is, for example, information that uniquely identifies the monitoring software being executed on the terminal 21. The monitoring software is, for example, an application having a monitoring function for the purpose of preventing information leakage. Specifically, a camera (not shown) is used to monitor the user who operates the terminal 21, detect that a third party is peeping, and warn the user, or leave the user. This is an application that detects the above and puts the terminal 21 into the sleep state. The camera is a camera device built in or connected to the terminal 21, and is specifically a WEB camera or the like. Further, the monitoring software 35 includes, for example, the name of the monitoring software. As an example, it is assumed that the monitoring software 35 included in the terminal information 31 is "application A".

The VPN software 36 is information indicating, for example, the VPN software used when the terminal 21 connects to the corporate network from a remote location (for example, a location outside the company). The VPN software 36 contains, for example, information that uniquely identifies the VPN software being executed. As an example, it is assumed that the VPN software 36 included in the terminal information 31 is "application X".

[File information]
FIG. 4 shows an example of the file information 41. The file information 41 is information about a secret file accessed by the terminal 21. The file information 41 includes, for example, a file name 42 and a secret classification 43. The file name 42 indicates the identification information of the secret file accessed by the terminal 21. Further, the secret classification 43 indicates a classification classification (type) of confidential information included in the secret file. In this embodiment, as an example, the secret classification 43 includes classification classifications of confidential information such as "confidential of other companies", "confidential of related parties", "confidential", and "public information". The details of the classification classification of the secret information included in the secret classification 43 will be described later, but it corresponds to, for example, the secret classification classification 71 shown in FIG. 7. Further, as an example, it is assumed that the file name 42 included in the file information 41 is "FILE001" and the secret classification 43 is "secret of another company".

[Functional block]
FIG. 5 shows an example of a functional block diagram of the server 51. The server 51 is, for example, an information processing device such as a computer, a server, or an information processing system, including the management server 11 shown in FIG. The server 51 includes, for example, a communication unit 52, a storage unit 53, an acquisition unit 54, and a determination unit 55. Further, the server 51 manages, for example, the terminal 21 shown in FIG.

The communication unit 52 receives the terminal information 31 shown in FIG. 3 and the file information 41 shown in FIG. 4 from the terminal 21 shown in FIG. Further, the communication unit 52 transmits the determination result, which is the result of the determination by the determination unit 55, to the terminal 21.

The storage unit 53 stores the terminal information 31, the file information 41, the secret classification information 61, the policy pattern information 62, the terminal information 63, and the permission information 64 received by the communication unit 52. However, the details of the secret classification information 61, the policy pattern information 62, the terminal information 63, and the permission information 64 will be described later. Further, the storage unit 53 stores the determination result determined by the determination unit 55. Further, the storage unit 53 outputs the stored information to the acquisition unit 54.

The acquisition unit 54 acquires the terminal information 31 shown in FIG. 3 and the file information 41 shown in FIG. 4 stored in the storage unit 53, and outputs the acquired terminal information 31 and the file information 41 to the determination unit 55. Further, the acquisition unit 54 acquires the secret classification information 61, the policy pattern information 62, the terminal information 63, and the permission information 64 stored in the storage unit 53, and outputs the acquired permission information 64 to the determination unit 55. Further, the acquisition unit 54 acquires the determination result stored in the storage unit 53 and outputs the acquired determination result to the communication unit 52.

In the determination unit 55, the terminal 21 displays the secret file detected by the detection unit 23 shown in FIG. 2 based on the secret classification information 61, the policy pattern information 62, the terminal information 63, and the permission information 64 received from the acquisition unit 54. Determines whether to allow display on. Further, the determination unit 55 outputs the determination result, which is the determination result, to the storage unit 53.

FIG. 6 shows an example of the storage unit 53. The storage unit 53 stores, for example, secret classification information 61, policy pattern information 62, terminal information 63, and permission information 64.

[Secret classification table]
FIG. 7 shows an example of the secret classification information 61. The secret classification information 61 includes, for example, a secret classification classification 71 and a policy pattern 72. The secret classification information 61 corresponds, for example, with "other company's secret" as pattern A, "related party confidential" as pattern B, "confidential" as pattern C, and "public information" as pattern D. However, the secret classification information 61 does not necessarily have a one-to-one correspondence between the secret classification classification 71 and the policy pattern 72. That is, in the secret classification information 61, for example, "secret of another company" and "secret of related parties" may be associated with pattern A. Further, the policy pattern 72 is used to determine the check target 82, which will be described later, corresponding to the secret classification category 71.

The secret classification category 71 indicates the type of confidential information such as "secret of another company", "confidential of related parties", "confidential", and "public information".

"Confidentiality of other companies" indicates that the information is obtained from another company through a contract such as a nondisclosure agreement.

“Confidentiality of stakeholders” indicates, for example, information for maintaining the safety of society and maintaining the competitiveness of the company.

"Confidential" indicates, for example, information that is confidential to a person outside the company.

"Public information" indicates information that is public and is not confidential. However, in this embodiment, the public information will be described as one of the secret classification categories.

The policy pattern 72 is, for example, pattern A, pattern B, pattern C, pattern D, and the like. Further, the policy pattern 72 corresponds to the policy pattern 81 shown in FIG.

Further, the secret classification category 71 is not limited to the types of confidential information as described above. That is, the secret classification category 71 may define, for example, the classification category of confidential information for each organization. Further, the secret classification category 71 and the policy pattern 72 may have a one-to-many correspondence.

[Policy pattern information]
FIG. 8 shows an example of the policy pattern information 62. The policy pattern information 62 includes, for example, a policy pattern 81 and a check target 82. The policy pattern information 62 is, for example, a table showing a check target 82 corresponding to the policy pattern 81. The policy pattern 81 corresponds to the policy pattern 72 shown in FIG. 7, respectively. That is, the pattern A shown in the policy pattern 81 corresponds to the pattern A shown in the policy pattern 72 of FIG. 7. Similarly, the patterns B to D shown in the policy pattern 81 correspond to the patterns B to D shown in the policy pattern 72 of FIG. 7. The check target 82 includes items such as display information, network segments, monitoring software, and VPN software.

FIG. 8 shows, for example, that when the policy pattern 81 is the pattern A (secret classification classification: “secret of another company”), the display information, the network segment, and the monitoring software are checked among the check targets 82. Further, for example, when the policy pattern 81 is the pattern B (secret classification classification: "confidential person concerned"), it indicates that the network segment and the monitoring software are to be checked among the check target 82. Further, for example, when the policy pattern 81 is the pattern C (secret classification classification: "confidential"), it indicates that the monitoring software and the VPN software are the check targets among the check target 82. Further, for example, when the policy pattern 81 is the pattern D (secret classification classification: "public information"), it indicates that there is no item to be checked among the check target 82.

[Terminal information]
FIG. 9 shows an example of the terminal information 63. The terminal information 63 is information about a terminal managed by the server 51. The terminal information 63 includes, for example, a terminal name 32, a display information 33, a network segment 34, a monitoring software 35, and a VPN (Virtual Private Network) software 36. As an example, the terminal information 91 corresponds to the terminal information 31 shown in FIG. Further, the terminal information 92 is information about a terminal different from the terminal 21 having the terminal name 32 “PC002”. Similarly, the terminal information 93 is information about a terminal different from the terminal 21 having the terminal name 32 “PC003”. Further, for example, the display information 33 included in the terminal information 63 may include external information (not shown). The external information is information in which a display device 28 equipped with an external viewing angle control function or the like is associated with a serial number.

[Permission information]
10A to 10D show an example of each permission information included in the permission information 64 shown in FIG. 6, respectively. The permission information 64 includes, for example, display information 64a, network segment information 64b, monitoring software information 64c, and VPN software information 64d. However, the permission information is information that is an element of a condition (display condition) in which the server 51 permits the terminal 21 to display the secret file, for example. In other words, for example, if the terminal information 63 about the terminal 21 matches the permission information 64 for displaying the secret file, the server 51 determines that the terminal 21 satisfies the display condition. An example of permission information for each of the display information 64a, the network segment information 64b, the monitoring software information 64c, and the VPN software information 64d will be described with reference to FIGS. 10A to 10D.

FIG. 10A shows an example of display information 64a. The display information 64a includes, for example, a serial number, a manufacturer, and a model number. Further, the display information 64a corresponds to, for example, each item included in the display information 33 shown in FIG. For example, the display information 101a indicates that the serial number "AXXXXXXX", the manufacturer "F company", and the model number "F0000" are one of the permission information. Further, the display information 102a indicates that the serial number "BXXXXXX", the manufacturer "F company", and the model number "F0001" are one of the permission information. Further, the display information 103a indicates that the serial number "DXXXXXXX", the manufacturer "N company", and the model number "N0004" are one of the permitted information.

Here, it is assumed that the display device 28 in which information is registered in the display information 64a (matches the registered information) is a display device 28 having an information leakage prevention function such as the viewing angle control filter described above. .. That is, the display information 64a is information registered for permission as a display device 28 (or a terminal 21 provided with such a display device 28) that satisfies the security requirements for permitting the display of the secret file. The security requirement is, for example, a requirement set by an information manager. The information leakage prevention function provided in the display device 28 may be of any aspect as long as it is a function of preventing or limiting the peeping of the display device by a third party. Specific examples of the information leakage prevention function include a mode in which the display or the like of the display device has a viewing angle control function from the beginning, a mode in which a viewing angle control filter or a film is retrofitted to the display device 28, and the like. It is assumed that only a person wearing special glasses can view the display.

As an example, it is assumed that the terminal 21 (or the display device 28) has a serial number "AXXXXXXX", a manufacturer "F company", and a model number "F0000". In this case, the server 51 can determine to the terminal 21 that the display information of the check target 82 shown in FIG. 8 satisfies the display condition.

FIG. 10B shows an example of network segment information 64b. The network segment information 64b corresponds to, for example, the network segment 34 shown in FIG. For example, in the network segment information 64b, "10.XXX.XXX.XXX", "10.XXX.XXX.YYY", and "10.YYY.XXX.ZZZ" are one of the permission information in the IPv4 address notation. Show that. As an example, it is assumed that the terminal 21 connects to the server 51 via the network segment "10.XXX.XXX.XXX". In this case, the server 51 can determine to the terminal 21 that the display condition is satisfied for the network segment of the check target 82 shown in FIG. Further, for example, the terminal 21 may connect to the server 51 via a plurality of network segments. In this case, the server 51 can make it a display condition that all (or at least a part) of the plurality of network segments are included in the permission information.

FIG. 10C shows an example of monitoring software information 64c. The monitoring software information 64c includes, for example, information that uniquely identifies the monitoring software. The monitoring software information 64c corresponds to, for example, the monitoring software 35 shown in FIG. For example, the monitoring software information 64c indicates that the monitoring software "application A" and "application B" are one of the permission information. As an example, when the terminal 21 is executing the monitoring software "application A", the server 51 can determine to the terminal 21 that the monitoring software among the check targets 82 shown in FIG. 8 satisfies the display condition.

FIG. 10D shows an example of VPN software information 64d. The VPN software information 64d includes, for example, information that uniquely identifies the VPN software. The VPN software information 64d corresponds to, for example, the VPN software 36 shown in FIG. For example, the VPN software information 64d indicates that the VPN software "application X" and "application Y" are one of the permission information. As an example, when the terminal 21 is connected to the server 51 by using the VPN software “Application X”, the server 51 tells the terminal 21 that the VPN software among the check targets 82 shown in FIG. 8 is a display condition. It can be determined that the condition is satisfied. Further, for example, when the terminal 21 is executing the VPN software, the server 51 can determine that the terminal 21 is outside the company and can determine that the display condition of the secret file at the time of use outside the company is not satisfied. Further, for example, when the terminal 21 is not executing the VPN software, the server 51 may determine to the terminal 21 that the VPN software among the check targets 82 shown in FIG. 8 satisfies the display condition.

Further, the server 51 can use the network segment information 64b and the VPN software information 64d to determine whether or not the terminal 21 is executed at a place in the company. Further, the server 51 can use the network segment information 64b and the VPN software information 64d to determine whether or not the terminal 21 is executed at a place outside the company. Further, the server 51 does not necessarily have to use the network segment information 64b and the VPN software information 64d. That is, the server 51 may use either one of the network segment information 64b and the VPN software information 64d to determine whether the location where the terminal 21 is executed is inside or outside the company.

Further, FIGS. 10A to 10D are not limited to showing the permitted conditions, respectively. That is, some or all of FIGS. 10A to 10D may be configured to indicate disallowed conditions.

〔flowchart〕
An example of the processing of the terminal 21 shown in FIG. 2 will be described with reference to FIGS. 11 to 12.

FIG. 11 shows an example of processing of the terminal 21. When the terminal 21 is activated (step S11), the collecting unit 22 collects the terminal information 31 from the terminal 21 (step S12). After that, when the detection unit 23 detects that the terminal 21 is about to open the secret file (step S13), the terminal 21 controls the display of the secret file (step S14). The details of the process of step S14 will be described later. After the process of step S14, the process returns to the process of step S13. Further, for example, in step S11, the OS of the terminal 21 is started.

FIG. 12 shows an example of the process of step S14. In step S14, first, the collecting unit 22 collects the file information 41 regarding the secret file that the terminal 21 is about to open (step S21). After that, the communication unit 26 transmits the terminal information 31 and the file information 41 to the server 51 (step S22), and receives the determination result from the server 51 (step S23). When the determination result received by the communication unit 26 indicates that the display of the secret file is permitted (step S24; Y), the display unit 29 displays the secret file (step S25). After that, when the detection unit 23 detects a command from the terminal 21 to end the display of the secret file (step S26), the display unit 29 ends the display of the secret file (step S27). After the process of step S27, the process of step S14 ends. On the other hand, when the determination result received by the communication unit 26 does not indicate that the display of the secret file is permitted (step S24; N), the display unit 29 ends the process of step S14 without displaying the secret file. ..

FIG. 13 shows an example of the processing of the server 51. For example, the server 51 executes the processes of steps S31 to S36 after the terminal 21 executes the process of step S22 shown in FIG. Further, for example, the terminal 21 executes the process of step S23 shown in FIG. 12 after the server 51 executes the process of steps S31 to S36. The communication unit 52 receives the terminal information 31 and the file information 41 from the terminal 21 (step S31). After that, the storage unit 53 stores the terminal information 31 in the terminal information 63 (step S32). As an example, the terminal information 31 is stored as the terminal information 91 of the terminal information 63. The determination unit 55 determines the policy pattern corresponding to the secret file included in the file information 41 based on the file information 41 and the secret classification information 61 (step S33). After that, based on the policy pattern and the policy pattern information 62 determined by the determination unit 55, the items to be checked are determined from the check targets 82 (step S34). The determination unit 55 determines whether or not to allow the display of the secret file (step S35). After that, the communication unit 52 transmits the determination result to the terminal 21 (step S36).

Specific examples of the processes of steps S33 to S35 will be described.

Since the secret classification 43 included in the file information 41 is "other company's secret", the determination unit 55 specifies the policy pattern 72 "pattern A" corresponding to the secret classification classification 71 "other company's secret" (step S33). After that, the determination unit 55 refers to the policy pattern information 62, and checks each item of "display information", "network segment", "monitoring software", and "VPN software" corresponding to "pattern A". It is decided (step S34).

Next, the details of the process in step S35 will be described. First, the determination unit 55 determines "display information" among the check targets. The determination unit 55 compares the display information 33 included in the terminal information 91 with the display information 64a included in the permission information 64. The display information 33 included in the terminal information 91 corresponds to the display information 101a of the display information 64a. Therefore, the determination unit 55 determines that the terminal 21 is permitted to display the secret file for the "display information" among the check targets. Further, the determination unit 55 determines the "network segment" among the check targets. The determination unit 55 compares the network segment 34 included in the terminal information 91 with the network segment information 64b included in the permission information 64. The network segment 34 included in the terminal information 91 corresponds to "10.XXX.XXX.XXX" in the network segment information 64b. Therefore, the determination unit 55 determines that the terminal 21 is permitted to display the secret file for the check target “network segment”. Further, the determination unit 55 determines the "monitoring software" among the check targets. The determination unit 55 compares the monitoring software 35 included in the terminal information 91 with the monitoring software information 64c included in the permission information 64. The monitoring software 35 included in the terminal information 91 corresponds to "application A" in the monitoring software information 64c. Therefore, the determination unit 55 determines that the terminal 21 is permitted to display the secret file for the check target "monitoring software". The determination unit 55 does not determine the "VPN software" because it is not subject to the check. Therefore, the determination unit 55 determines that all the items to be checked are permitted, and as a result, the terminal 21 determines that the display condition is satisfied. The order of checking each item to be checked does not have to be limited to the order of the above example.

Further, a further example will be described with respect to the processes of steps S33 to S34. For example, when the server 51 determines based on the policy pattern 81 “Pattern B” shown in FIG. 8, the server 51 asks the terminal 21 for each item of “network segment” and “monitoring software” among the check target 82. Judgment for each. Further, for example, when the server 51 determines based on the policy pattern 81 "pattern C" shown in FIG. 8, the server 51 refers to the terminal 21 as "monitoring software" or "VPN software" among the check target 82. Judgment is made for each item. Further, for example, when the server 51 determines based on the policy pattern 81 "pattern D" shown in FIG. 8, the server 51 determines that the terminal 21 satisfies the display condition. When the server 51 determines based on the policy pattern 81 “Pattern D” shown in FIG. 8, the server 51 may omit the processing of steps S34 to S35.

FIG. 14 shows an example of this embodiment. FIG. 14 will describe an example of a case where the user accesses the file 141 using the terminal 142a and a case where the user accesses the file 141 using the terminal 142b. File 141 is, for example, a secret file containing the file information 41 shown in FIG. It is assumed that the terminal 142a is a terminal having the terminal information 91 shown in FIG. Further, it is assumed that the terminal 142b is a terminal having the terminal information 93 shown in FIG. The management server 143 is, for example, the server 51 shown in FIG.

First, when the terminal 142a detects the display instruction (file open request) of the file 141, the terminal 142a transmits the terminal information 31 shown in FIG. 3 and the file information 41 shown in FIG. 4 to the management server 143. Similarly, when the terminal 142b detects the display instruction of the file 141, the terminal information 31 and the file information 41 are transmitted to the management server 143. The management server 143 registers the terminal information 31 received from the terminals 142a and 142b in the terminal information 63 shown in FIG. Further, the management server 143 determines the check target 82 shown in FIG. 8 corresponding to the file information 41. That is, when the secret classification 43 of the file 141 is "secret of another company", the management server 143 refers to the secret classification information 61 shown in FIG. 7 and specifies the policy pattern 72 adopted in the determination as "pattern A". Further, the management server 143 refers to the policy pattern information 62 shown in FIG. 8 and determines to target the items of "display information", "network segment", and "monitoring software" among the check targets 82, respectively. .. After that, the management server 143 determines whether or not the display is possible based on the terminal information 63 and the permission information 64.

That is, since the display information 91 of the terminal 142a has the serial number "AXXXXXXX", the manufacturer "F company", and the model number "F0000", it corresponds to the display information 64a shown in FIG. 10A. Therefore, the management server 143 permits the terminal 142a for the display information item among the check targets 82. Further, since the network segment 34 of the terminal 142a is the network segment "10.XXX.XXX.XXX", it corresponds to the network segment information 64b shown in FIG. 10B. Therefore, the management server 143 permits the terminal 142a for the item of the network segment among the check target 82. Further, since the monitoring software 35 of the terminal 142a has the name "application A", it corresponds to the monitoring software information 64c shown in FIG. 10C. Therefore, the management server 143 permits the terminal 142a to check the items of the monitoring software among the check targets 82. Therefore, the management server 143 determines that all the items to be checked for the terminal 142a are permitted, and transmits the determination result that permits the display of the file 141 to the terminal 142a. The terminal 142a receives the determination result from the management server 143 and displays the file 141.

On the other hand, since the display information 93 of the terminal 142b has the serial number "CXXXXXX", the manufacturer "N company", and the model number "N0000", it does not correspond to the display information 64a shown in FIG. 10A. Therefore, the management server 143 does not allow the terminal 142b to check the display information item among the check targets 82. Further, since the network segment 34 of the terminal 142b is the network segment "11.YYY.YYY.YYY", it does not correspond to the network segment information 64b shown in FIG. 10B. Therefore, the management server 143 does not allow the terminal 142b to check the items of the network segment among the check targets 82. Further, since the monitoring software 35 of the terminal 142b has the name "application B", it corresponds to the monitoring software information 64c shown in FIG. 10C. Therefore, the management server 143 permits the terminal 142b for the item of the monitoring software among the check targets 82. Therefore, the management server 143 determines that among the items to be checked for the terminal 142b, the monitoring software is permitted, and the display information and the network segment items are not permitted. That is, since the management server 143 determines that the terminal 142b does not permit one or more items among the items to be checked, the management server 143 permits the terminal 142b to display the file 141. Do not send the judgment result. In the example described here, if there is at least one item that is determined not to allow one or more items among the items to be checked, the display of the file 141 is suppressed. However, the condition for suppressing the display of the file 141 is that it is determined that a plurality of items (two or more and the total number of items to be checked or less) are not allowed among the items to be checked. good. The terminal 142b receives the determination result from the management server 143, and ends the process without displaying the file 141.

In the present embodiment, the terminal 21 controls the display of the secret file based on the determination result received from the server 51, but the terminal 21 is not necessarily limited to the embodiment described in the present embodiment. For example, the server 51 determines only one of the determination result of permitting the display of the secret file on the terminal 21 and the determination result of not permitting the display of the secret file on the terminal 21. You may send it to. That is, the server 51 may be in a form of transmitting the determination result "permission" to the terminal 21 only when it is determined that the terminal 21 is permitted to display the secret file. In this case, the terminal 21 may display the secret file only when the determination result "permission" is received from the server 51, and may not display the secret file when the determination result "permission" is not received from the server 51. good. Further, the server 51 may be in a form of transmitting the determination result "rejection" to the terminal 21 only when it is determined that the terminal 21 is not permitted to display the secret file. In this case, the terminal 21 is configured not to display the secret file only when the judgment result "rejection" is received from the server 51, and to display the secret file when the judgment result "rejection" is not received from the server 51. You may.

Further, the server 51 may include a "determination reason" (not shown) in the determination result which is the result of the determination by the determination unit 55. That is, as the "reason for determination", the check target determined by the determination unit 55 based on the policy pattern 81, the determination result for each item of the check target, and the like may be included in the determination result and transmitted to the terminal 21. ..

Further, in the process of step S22, the terminal 21 may transmit only the file information 41 out of the terminal information 31 and the file information 41 to the server 51. In this case, in the process of step S34, the server 51 transmits information indicating the item to be checked to the terminal 21, and the terminal 21 corresponds to the information received from the server 51 among the information included in the terminal information 31. Only the information is transmitted to the server 51. In this way, the amount of communication transmitted by the terminal 21 to the server 51 can be reduced.

Further, for example, the terminal 21 may display a plurality of different secret files on the display device 28. In such a case, the terminal 21 transmits the terminal information 31 shown in FIG. 3 and the file information 41 shown in FIG. 4 regarding the first secret file to the server 51 only once. After that, if there is no change in the information included in the terminal information 31, the terminal 21 uses only the file information 41 related to the second secret file among the terminal information 31 and the file information 41 related to the second secret file to the server 51. It may be configured to send to. By doing so, for example, the amount of communication between the terminal 21 and the server 51 can be reduced.

Further, the terminal 21 may store the determination result received from the server 51 in the storage unit 24, and the terminal 21 may determine whether or not the secret file can be displayed based on the determination result stored in the storage unit 24. Specifically, the terminal 21 receives the determination result indicating that the server 51 permits the display of the secret file "FILE001" including the secret classification 43 "other company's secret" shown in FIG. 4, and the determination result is stored in the storage unit 24. Remember. After that, the terminal 21 tries to display a secret file "FILE002" (not shown) including the secret classification 43 "secret of another company". In such a case, the terminal 21 performs the subsequent processing on the assumption that the display of the secret file "FILE002" is permitted as well as the determination result of the secret file "FILE001" based on the determination result stored in the storage unit 24. You may do it. By doing so, for example, the amount of communication between the terminal 21 and the server 51 can be reduced. Further, for example, the processing load required for the determination processing of the server 51 can be reduced.

〔effect〕
Next, an example of the effect of the terminal 21 and the server 51 according to this embodiment will be described.

In this embodiment, the computer determines whether or not the display device for displaying the secret file (for example, the display device 28) satisfies the permission condition for displaying the secret file. Further, if it is determined that the display device satisfies the display condition, the terminal (for example, the terminal 21) displays the secret file on the display device, and if it is determined that the display device does not satisfy the display condition, the display device is kept secret. Control not to display the file. By doing so, even a legitimate user can prevent the secret file from being displayed on the display device that does not satisfy the display condition determined based on the secret classification of the secret file. In other words, the risk of leakage of confidential information can be reduced by having a third party snoop on the confidential file displayed on the display device.

Further, for example, when the terminal 21 detects an instruction (open command) for displaying the secret file on the display device 28, the terminal 21 transmits the terminal information 31 and the file information 41 to the server 51. Next, the server 51 determines the check target 82 based on the policy pattern 72 (and the policy pattern 81) corresponding to the secret classification 43 included in the received file information 41. Further, the server 51 indicates that the terminal 21 displays the secret file on the display device 28 based on the permission information 64 corresponding to the determined check target 82 and the received terminal information 31 (or terminal information 63). Determine whether to allow or not. Then, the server 51 transmits the determination result, which is the determination result, to the terminal 21. Next, the terminal 21 controls to display the secret file on the display device 28 when the determination result indicates that it is permitted according to the received determination result, and when it indicates that the determination result is not permitted. , The secret file is controlled not to be displayed on the display device 28. In this way, the secret file can be displayed only to the authorized terminals and display devices according to the classification classification (type) of the secret information included in the secret file. Therefore, the risk of information leakage can be reduced by controlling whether or not the secret file can be displayed.

Further, the display information 64a included in the permission information 64 includes a serial number. The serial number is identification information that uniquely identifies the display device. Further, the terminal information 63 includes information associated with the serial number. This allows the secret file to be displayed only on a specific authorized display (or display device).

Further, by including the "display information" in the check target 82, the server 51 can determine whether or not the terminal is provided with appropriate information leakage countermeasures. Further, the "terminal with appropriate information leakage countermeasures" includes, for example, a specific terminal associated with "display information" and authorized by the information manager. That is, when the server 51 determines that the terminal 21 is not a terminal for which appropriate information leakage measures have been taken, the server 51 transmits a determination result indicating that the display condition is not satisfied to the terminal 21. Then, when the terminal 21 receives the determination result indicating that the display condition is not satisfied from the server 51, the terminal 21 controls the display device 28 so as not to display the secret file. In this way, the risk of information leakage can be reduced. For example, it is possible to reduce the risk of information leakage caused by displaying a secret file on a display device when a user performs business using a terminal that is not provided with appropriate measures against information leakage.

Here, for example, consider a mode in which the terminal 21 has a built-in display device 28 and is further connected to an external display device. In this case, the terminal 21 can acquire information on both the built-in display device 28 and the external display device. For example, when the OS installed in the terminal 21 is Windows (registered trademark), the terminal 21 can acquire information about the display device built in or connected to the terminal 21 by using the function of the device manager. Then, the determination regarding the display information (corresponding to the above-mentioned "external information" for the external display device) described in this embodiment is executed for both the built-in display device 28 and the external display device. You may. In this case, even if the display device 28 built in the terminal 21 satisfies the permission information, the display of the secret file is not permitted unless the external display device satisfies the permission information. As a result, for example, even if the display device 28 built in the terminal 21 is provided with measures against information leakage, the external display device is not provided with measures against information leakage, thereby suppressing the occurrence of information leakage. Can be done. The external display device described here can be similarly suppressed even if it is a liquid crystal display, a projector, or the like.

Further, by including the "network segment" or "VPN software" in the check target 82, it is possible to determine whether or not the terminal 21 is connected to the server 51 from outside the company. Then, when the terminal 21 receives the determination result indicating that the display condition is not satisfied from the server 51, the terminal 21 controls not to display the secret file on the display device 28. In this way, the risk of information leakage can be reduced. For example, it is possible to reduce the risk of information leakage caused by displaying a secret file on the display device 28 of the terminal 21 when the user performs business outside the company such as on a business trip or on the move.

Further, by including the "monitoring software" in the check target 82, it is possible to determine whether or not the terminal is executing the predetermined monitoring software. That is, when the server 51 determines that the terminal 21 is executing the predetermined monitoring software, the server 51 transmits a determination result indicating that the display condition is satisfied to the terminal 21. Then, when the terminal 21 receives the determination result indicating that the display condition is satisfied from the server 51, the terminal 21 controls the display device 28 to display the secret file. In this way, the risk of information leakage can be reduced. For example, when a user displays a secret file on the display device 28 of the terminal 21 and performs business, the risk of information leakage can be reduced by the information leakage prevention function of the monitoring software executed by the terminal 21.

[Modification example]
15A to 15B show an example of processing of the terminal 21. 15A to 15B are used when the determination result shown in FIG. 12 indicates that the display is permitted (step S24; Y) and when the determination result does not indicate that the display is permitted (step S24; N). , An example of processing of the terminal 21 will be described. However, as an example, the terminal "PC001" and the terminal "PC003" correspond to the terminal 142a and the terminal 142b shown in FIG. 14, respectively. That is, it is assumed that the display device 151a is a display device provided in the terminal 142a shown in FIG. Similarly, it is assumed that the display device 151b is a display device provided in the terminal 142b shown in FIG. Further, it is assumed that the window 152a and the window 153a are display areas on the screen of the display device 151a, respectively. Similarly, it is assumed that the window 152b is a display area on the screen of the display device 151b.

First, a case where the terminal "PC001" is permitted to display the secret file on the display device 151a will be described. As described above, when the display of the secret file is permitted, the terminal "PC001" displays the secret file on the display device 151a. For example, the terminal "PC001" controls the display device 151a to display the contents of the secret file (or the contents of the secret information contained in the secret file) in the screen of the window 153a. Further, the terminal "PC001" may display a message in the screen of the window 152a. In that case, for example, the terminal "PC001" displays a message in the screen of the window 152a notifying the user that the secret file is displayed in the screen of the window 153a. In this way, it is possible to notify the user that the file contains confidential information and call attention so that the confidential information is not leaked.

Next, a case where the terminal “PC003” is not permitted to display the secret file on the display device 151b will be described. As described above, when the display of the secret file is not permitted, the terminal "PC003" displays a message indicating that the display of the secret file is not permitted in the screen of the window 152b. For example, the terminal "PC003" controls the display device 151b to display a message indicating the reason why the display device 151b is not permitted to display the secret file in the screen of the window 152b. By doing so, since the file to be displayed contains confidential information to the user and the terminal being used is not permitted to view the file, the confidential file is displayed on the display device 151b. Can be made aware that is not allowed.

Further, the user terminal is not limited to displaying a message in a window. For example, the message may be output to the user terminal using an audio device such as a speaker (not shown). In other words, the form may be such that the user recognizes the message notifying whether or not the secret file can be viewed.

[Hardware configuration]
FIG. 16 shows an example of the hardware configuration according to this embodiment. The terminal 21 is, for example, a CPU (Central Processing Unit) 162, a memory 163, a storage device 164, a NIC (Network Interface Card) 165, a medium reading device 166, an input device 167, and an output, each of which is connected to each other by a bus 161. It is an information processing device including the device 168.

The CPU 162 is a central processing unit that controls various operations in the terminal 21. The CPU 162 is a processor that reads out a program stored in the memory 163 or the storage device 164, processes it, and executes control. The collection unit 22, the detection unit 23, the acquisition unit 25, the communication unit 26, the output unit 27, and the display unit 29 shown in FIG. 2 may be realized by processing and control by the CPU 162.

The memory 163 is a memory such as a program for executing various processes described in the present embodiment and a RAM (Random Access Memory) for temporarily storing each data used for various processes.

The storage device 164 is a storage medium such as an HDD (Hard Disk Drive) or SSD (Solid State Drive) that stores programs for executing various processes described in the present embodiment and data used for various processes. Is.

Further, each of the memory 163 and the storage device 164 can function as the storage unit 24 shown in FIG. Further, the storage unit 24 shown in FIG. 2 does not necessarily have to be stored in the storage device 164. That is, it may be configured to be stored in a storage device outside the terminal 21.

NIC165 is hardware used for transmitting and receiving data via a wired or wireless network.

The medium reading device 166 is a device that reads data from a storage medium. The medium reading device 166 is, for example, a disk drive for reading data stored in a disk medium, a card slot for reading data stored in a memory card, and the like. The disc medium includes, for example, a storage medium such as a CD-ROM (Compact Disc Read Only Memory) or a DVD (Digital Versatile Disc). Further, a part or all of the data stored in the above-mentioned storage unit 24 may be stored in a recording medium that can be read by using the medium reading device 166.

The input device 167 is a device that receives an input or a command from the user of the terminal 21. The input device 167 is, for example, a keyboard, a mouse, a touch pad, or the like.

The output device 168 displays various information under the control of the CPU 162. Further, the output device 168 includes, for example, a liquid crystal display, an organic EL display, a plasma display, a projector and the like. Further, the output device 168 outputs various voice information under the control of the CPU 162. The output device 168 includes, for example, a speaker and the like. Further, the output device 168 can function as the display device 28 shown in FIG.

Each component of each device shown in FIG. 16 does not necessarily have to be physically configured as shown in FIG. That is, the specific form of distribution / integration of each device is not limited to that of FIG. 16, and all or a part thereof may be functionally or physically in an arbitrary unit according to various loads and usage conditions. It can be distributed and integrated. Further, the various processes described in the above embodiment can be realized by executing a program prepared in advance on a computer such as a PC or a workstation.

Further, the server 51 shown in FIG. 5 is configured in the same manner as the hardware configuration shown in FIG.

Further, although the case where the terminal 21 and the server 51 are configured separately has been described, the present embodiment is not limited to this. That is, the various processes described in this embodiment may be performed by an information processing device in which each device is integrated.

〔Control device〕
FIG. 17 shows an example of a functional block diagram of the control device 171. The control device 171 is, for example, an information processing device in which the terminal 21 shown in FIG. 2 and the server 51 shown in FIG. 5 function integrally. The control device 171 includes a processing unit 172 and a storage unit 173.

The processing unit 172 includes a determination unit 174, a display unit 175, and a control unit 176. The determination unit 174 has, for example, the same function as the determination unit 55 shown in FIG. The display unit 175 has, for example, the same function as the display unit 29 shown in FIG. The control unit 176 controls the display unit 175 (or the display device 28 shown in FIG. 2) based on the result of the determination by the determination unit 174, for example. Further, the control unit 176 has, for example, the same functions as the collection unit 22, the detection unit 23, the acquisition unit 25, and the output unit 27 shown in FIG. 2, respectively. Further, the processing unit 172 may be realized by the processing and control by the CPU 162 shown in FIG.

The storage unit 173 has, for example, the same functions as the storage unit 24 shown in FIG. 2 and the storage unit 53 shown in FIG. Further, the memory 163 and the storage device 164 shown in FIG. 16 can function as the storage unit 173, respectively. However, the storage unit 173 does not necessarily have to be stored in the storage device 164 shown in FIG. That is, the configuration may be such that it is stored in a storage device (not shown) outside the control device 171.

[Explanation of sequence diagram]
FIG. 18 shows an example of the process according to this embodiment. The information processing terminal 181 is, for example, the terminal 21 shown in FIG. The document server 182 is, for example, a server that stores a secret file. The policy management server 183 is, for example, the server 51 shown in FIG. Further, the document server 182 and the policy management server 183 may be configured by the same server (for example, the server 51).

FIG. 18 will explain an example of processing when a file viewer (user) tries to browse a secret file by using the information processing terminal 181. In FIG. 18, the same processing as that described in FIGS. 11 to 13 and the corresponding description is given the same reference number as in FIGS. 11 to 13 and the description thereof will be omitted. First, the information processing terminal 181 executes the processes of steps S11 to S12. After that, the terminal information (for example, the terminal information 31 shown in FIG. 3) is transmitted to the policy management server 183, and the display request (file display request) of the secret file to be viewed is transmitted to the document server 182. After that, the document server 182 determines the classification classification (file information, for example, the file information 41 shown in FIG. 4) of the secret information included in the secret file based on the file display request received from the information processing terminal 181. Send to. Further, the policy management server 183 registers the terminal information received from the information processing terminal 181 (for example, the process of step S32 is executed). The information processing terminal 181 that has received the file information from the document server 182 transmits the file information to the policy management server 183. After that, the policy management server 183 executes the processes of steps S33 to S35. The policy management server 183 transmits the determination result to the information processing terminal 181. After that, the information processing terminal 181 executes the process of step S14 based on the received determination result.

21 Terminal 22 Collection unit 23 Detection unit 24, 53, 173 Storage unit 25, 54 Acquisition unit 26, 52 Communication unit 27 Output unit 28 Display device 29, 175 Display unit 51 Server 55, 174 Judgment unit 161 Bus 162 CPU
163 Memory 164 Storage Device 165 NIC
166 Media reader 167 Input device 168 Output device 171 Control device 172 Processing unit 176 Control unit

Claims (7)

On the computer
Whether or not the display device built in or connected to the information processing device that requested the display of the file meets the conditions including the security requirements for the display device and the display conditions indicating the requirements for permitting the display of the file. Judging,
As a result of the determination, if the display device satisfies the display condition, the file is displayed on the display device, and if the display device does not satisfy the display condition, the file is not displayed on the display device. ,
A control program characterized by executing processing. The control program according to claim 1, wherein the display condition is determined based on information indicating the type of confidential information regarding the file. In the determination process, whether the identification information of the first display device stored in the first storage unit that stores the information of the display device permitted to display the file and the identification information of the display device match. Including determining whether or not the display device satisfies the display condition based on the display condition including whether or not.
The control program according to claim 1 or 2. In the determination process, it is determined whether or not the identification information of the first software stored in the second storage unit that stores the identification information of the predetermined software and the identification information of the software executed by the display device match. Including determining whether or not the display device satisfies the display condition based on the display condition including.
The control program according to any one of claims 1 to 3, wherein the control program is characterized by the above. The control process includes displaying information indicating the result determined by the determination process on the display device.
The control program according to any one of claims 1 to 4, wherein the control program is characterized by the above. The computer
Whether or not the display device built in or connected to the information processing device that requested the display of the file meets the conditions including the security requirements for the display device and the display conditions indicating the requirements for permitting the display of the file. Judging,
As a result of the determination, if the display device satisfies the display condition, the file is displayed on the display device, and if the display device does not satisfy the display condition, the file is not displayed on the display device. ,
A control method characterized by performing processing. Whether or not the display device built in or connected to the information processing device that requested the display of the file meets the conditions including the security requirements for the display device and the display conditions indicating the requirements for permitting the display of the file. Judgment unit to determine
As a result of the determination, if the display device satisfies the display condition, the file is displayed on the display device, and if the display device does not satisfy the display condition, the file is not displayed on the display device. Control unit and
A control device characterized by comprising.

Images