JP4000916B2 - Data management apparatus and data management program - Google Patents

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a data management device and a data management program, and more particularly, to a data management device and a data management program for appropriately setting access rights to digital data and complying with the access rights.
[0002]
[Prior art]
In general, in a computer system, using a user authentication mechanism and a file access control mechanism provided in a multi-user, multi-task operation system (OS), setting of access rights for data files storing digital data and compliance with the access rights are realized. is doing. For example, in the UNIX (registered trademark) OS, the owner of the file and the group to which the file belongs can be set in the data file, and the read right, write / delete for each of the owner / group user / other users. Rights and program execution rights can be set. A similar mechanism is also introduced in the Windows NT (registered trademark) OS of Microsoft Corporation.
[0003]
Further, a data management apparatus for setting an access right depending on an application such as a review request, approval, and registration has been conventionally known (Japanese Patent Laid-Open No. 8-50559: name of invention “file storage protection device”). FIG. 18 shows a system configuration diagram of an example of this conventional data management apparatus. In this figure, the system administrator 1800 uses the user access right setting means 1801 to register the user name and the group to which the user belongs in the user affiliation group list 1802, and the access permitted between the groups. Rights are set and the inter-group access right information is stored in the inter-group access right list 1803.
[0004]
When the access request is permitted and the file access is executed, the history data collection means 1810 stores the user name, access type, time, etc. in the history data file 1811 as an access history. Further, the access right and the file list to which the access right is applied are stored in the access right file name correspondence list 1812.
[0005]
On the other hand, the user 1804 inputs a command or the like via the user interface 1805, and the user possessed access right display means 1820, the access right holder display means 1821, the accessible file display means 1822, and the accessible file search means 1823. Then, the file access execution means 1824 is activated. These means 1820 to 1824 are also activated from the application software 1806 via the application software interface 1807.
[0006]
Also, the user interface 1805 refers to the user belonging group list 1802 and recognizes the group to which the user belongs, and then refers to the inter-group access right list 1803 to access the access right possessed by the group to which the user belongs. Recognize In this conventional data management apparatus, file access can be freely executed within a user group by setting the file access right for each group of users.
[0007]
In the above-mentioned various OSs and the above-described conventional data management devices, when a data file storing digital data is written in a data recording device of a computer system, there is a read right, a write / delete right, and a program execution right provided by the OS. And access rights such as review request, approval, and registration specific to the application that outputs the data file. In addition, when reading, modifying, reviewing, or approving data files stored in a data recording device of a computer system, the read, write / delete, review, and approval rights set in the data file must be observed. The digital data processing is realized.
[0008]
Further, as another conventional data management apparatus, a data management apparatus having an access control technology capable of inhibiting the access even if an intruder from the network attempts to read or write an illegal file using any user authority Is also known (Japanese Patent Laid-Open No. 2001-337864: title of invention “access control system”).
[0009]
FIG. 19 is a block diagram showing an example of this conventional data management apparatus. This data management apparatus uses a policy that permits access to a specific file only when a specific user uses a specific program. Further, the policy is registered in the policy file 1930, and the access information hooked by the file I / O hook program 1906 is passed to the access control program 1910 on the security OS 1904 via the inter-OS communication processing unit 1908, and the above policy is set. Based on access control.
[0010]
In this data management apparatus, an application that can access the data file recorded on the magnetic disk 1914a based on the access control information (FIG. 20) recorded on the policy file 1930 stored on the magnetic disk 1914b. Software can be limited.
[0011]
[Problems to be solved by the invention]
Incidentally, there are cases where digital data is shared by a plurality of users under access right management. For example, the user A may create the digital data Da, give a read / write access right to the user B, and give a read access right to the user C with respect to the digital data Da. As described above, when the access right information is given to the digital data and stored in the data recording device of the computer system, the conventional Windows NT OS creates the data file Fa for storing the digital data Da in the data recording device. In the security setting of the data file Fa, the user B is set to be readable and writable, and the user C is set to be readable.
[0012]
In this method, the access right to the digital data is set by replacing the access right to the data file, and the access right to the digital data is not set directly. For this reason, for example, the user C who can read the digital data Da reads the digital data Da and records the data file Fc storing the digital data in another data recording device of the same computer system, or the same data recording It is possible to record on the device under a different name, or to record on a data recording device of a different computer system such as a personal computer.
[0013]
Since the access right of the data file Fc is generally set by the user C, this access right may be different from the access right intended by the user A who is the creator of the digital data Da. For example, the user C can give an access right that the user D can read to the data file Fc. This indicates the possibility that the tectal data Da can be read by the user D to whom the user A does not give read permission, which is a problem.
[0014]
This problem arises when the access right to digital data is set by replacing the access right to the data file. The OS such as Unix OS and Windows NT OS, or the above-mentioned JP-A-8-50559 ( “File storage protection device”) and Japanese Patent Laid-Open No. 2001-337864 (“Access Control System”) are problems common to conventional devices.
[0015]
In addition, when digital data that emphasizes immediacy is shared by a plurality of users, not only whether or not each user can read, but “user A, user B, and user C can read until March 20”. You may want to set a limited access right. Further, there is a case where an access right depending on a user attribute value such as “readable if the user's age is 20 years or older” is set without explicitly specifying the user. Furthermore, in order to calculate the price for reading, there is a case where it is desired to set an access right such as “reading is possible with payment of 100 points with electronic money” or an access right “reading is possible on the condition that a questionnaire is answered after reading”. .
[0016]
However, in the above-described Unix OS and Windows NT OS, it is only possible to set access rights for readability, writeability, and execution permission for each user and group specified in advance by the OS. It is not possible to set access rights that are conditional on the execution of procedures such as access rights subject to payments, payment of consideration, or questionnaire responses.
[0017]
Further, in the conventional data management apparatus described in Japanese Patent Application Laid-Open No. H8-50559 shown in FIG. 18, the “registration request”, “approval request”, “change” depending on the application for the “read” or “write” access right. It is only possible to classify into the authority of “instruction” and “approval” and to set the permission / inhibition as an access right. Further, in the conventional data management apparatus described in Japanese Patent Application Laid-Open No. 2001-337864 shown in FIG. 19, “read”, “write”, “delete”, and “name change” access to a data file in which digital data is recorded is performed. Information that restricts possible programs is held as a policy file 1930 in the magnetic disks 1914a and 1914b connected to the server information processing apparatus 1900, but access rights with a time limit, access rights subject to user attribute values, It is not possible to set access rights that are conditional on the execution of procedures such as payments or questionnaire responses.
[0018]
The present invention has been made in view of the above points, and an object thereof is to provide a data management apparatus and a data management program for appropriately setting access rights to digital data and complying with the access rights.
[0019]
[Means for Solving the Problems]
In order to achieve the above object, the data management apparatus according to the present invention applies data management data to a data file that stores data, and stores data having read, write, and delete access rights as management information. In a data management apparatus that operates in compliance with the held access right, when application software that operates on the operation system of the computer system writes data to a data recording apparatus connected to the computer system, or in the data recording apparatus Data input / output API hook means for adding interrupt processing to data input / output processing in the operation system and application software when reading recorded data or deleting data recorded in the data recording device When writing data to the recording apparatus, the write access determination means for determining a write permission of the data, the data recorded in the data recording apparatus relating to the data Contains information that identifies the management information storage location and the data storage location When writing the data so that the application software does not erase it when it holds the first management information By writing the data in the storage location of the data identified by the first management information The configuration includes a writing management information masking means for concealing the first management information.
[0020]
In this invention, when the application software writes data to the data recording device, the first management information related to the data recorded in the data recording device is hidden so as not to be deleted. Is retained without being rewritten.
[0021]
In order to achieve the above object, the data management device of the present invention determines whether or not data can be read when the data input / output API hook means and the application software read data recorded in the data recording device. Read access determination means for determining and data recorded in the data recording device to provide necessary and sufficient information for the application software are related to the data Contains information that identifies the management information storage location and the data storage location When the first management information is held, when the data recording device reads the data By reading the data from the storage location of the data identified by the first management information It is configured to have a reading management information masking means for concealing the first management information.
[0022]
In the present invention, when the application software reads the data recorded in the data recording device, the first management information related to the data recorded in the data recording device is concealed. Even when the first management information is assigned to the data file, the application software can normally read the data without malfunction.
[0023]
In order to achieve the above object, the data management apparatus according to the present invention is a data input / output API hook for adding an interrupt process to the data input / output process in the operation system when deleting data recorded in the data recording apparatus. And deletion access determination means for determining whether or not data can be deleted when the data recorded in the data recording device is deleted by the application software. In the present invention, the application software determines whether or not data can be deleted when deleting data recorded in the data recording device, and deletes the data when it is determined that the data is to be deleted.
[0024]
In order to achieve the above object, the data management apparatus of the present invention includes a write completion detection means for detecting completion of data writing to the data recording apparatus by application software, and data writing from the data write completion detection means. First management information generating means for generating second management information corresponding to the data writing process of data upon receiving the completion detection signal, and adding or replacing the second management information with the data recorded in the data recording device And a first management information writing means for recording.
[0025]
In the present invention, after the writing is completed, the second management information corresponding to the data writing process is generated, and the second management information is recorded by adding or replacing the data recorded in the data recording device. Therefore, the latest management information can always be recorded in the data recording device.
[0028]
Furthermore, in order to achieve the above object, the data management apparatus of the present invention receives a determination result signal from the deletion access determination means, and corresponds to a data deletion process. 3 Generate management information for 2 Management information generation means, and 2 The management information is added to or replaced with the data recorded in the data recording device. 2 The management information writing means is further provided.
[0029]
In the present invention, when the data in the data recording device is deleted, the data corresponding to the data deletion processing is processed. 3 Generate management information for the 3 Since the management information is added or replaced with the data recorded in the data recording device, the latest management information can always be recorded in the data recording device.
[0030]
In order to achieve the above object, the data management program of the present invention manages a data file storing data for data that holds, as management information, access rights to read, write, and delete the data. In a data management program that operates in compliance with the access rights held in information, when application software that operates on the operation system of the computer system writes data to a data recording device connected to the computer system, or data recording A data input / output API hook means for adding an interrupt process to the data input / output process in the operation system, when reading the data recorded in the apparatus or deleting the data recorded in the data recording apparatus; Towea is, when data is written to the data recording apparatus, a write access determination means for determining the write permission data, the data recorded in the data recording apparatus relating to the data Contains information that identifies the management information storage location and the data storage location When management data is retained, when writing the data so that the application software does not erase it By writing the data to the storage location of the data identified by the management information The computer of the computer system is made to function as a management information masking unit at the time of writing for concealing management information.
[0031]
In this invention, when the application software writes data to the data recording device, the first management information related to the data recorded in the data recording device is concealed so as not to be erased. The management information is recorded and held as it is without being rewritten.
[0032]
The data management apparatus of the present invention is also provided when application software operating on an operation system of a computer system writes data to a data recording apparatus including a flexible disk and a hard disk connected to the computer system, or to the data recording apparatus. When reading the recorded data or deleting the data recorded in the data recording device, the data input / output API hook means for adding interrupt processing to the data input / output processing in the operation system and the application software When writing data to the recording device, the application software does not erase the write access determination means for determining whether data can be written and the management information regarding the data recorded in the data recording device. Management information masking means for concealing, reading access determining means for determining whether or not data can be read when the application software reads data from the data recording device, and for providing necessary and sufficient information to the application software Management information masking means for concealing management information relating to data recorded in the data recording device, and deletion for determining whether or not data can be deleted when the application software deletes the data recorded in the data recording device Access determination means, writing completion detecting means for detecting completion of data writing to the data recording apparatus by application software, reading completion detecting means for detecting completion of data reading from the data recording apparatus by application software, and data writing completion Detection The management information corresponding to the data writing process of the data is received by receiving the signal from the stage, the management information corresponding to the data reading process of the data is generated by receiving the signal from the data reading completion detecting means, or the deletion access determination A management information generating unit that receives a determination result signal from the unit and generates management information corresponding to the data deletion process, and a management information document that records the management information in addition to or in place of data recorded in the data recording device And a management information template storage means for storing a management information template, a read completion detection means, a write completion notification means, or a deletion access determination means as a management information generation means. Stored in management information template storage means for selecting a template of management information stored in template storage means Management information template selection means for selecting a management information template, system information acquisition means for acquiring system information including a computer system time or login user name, and a file name for identifying target data in the signal Management information composition means for generating management information related to the target data from the information, system information, and management information template selected by the management information template selection means; and the computer system operator displaying the generated management information Management information display confirmation means for prompting confirmation, and management information change means for the computer operator to change the generated management information.
[0033]
Further, the data management apparatus further includes an access recorded in the data recording device in any one, two, or three of the write access determination means, the read access determination means, and the deletion access determination means. Management information reading means for acquiring data to be determined and reading management information included in the data, access policy extracting means for extracting an access policy that is information on the access right included in the management information, and writing included in the access policy An access policy selection means for selecting an access policy related to access, read access, or deletion access, an access condition determination means for determining an access condition for all of the selected access policies, and a duty procedure included in the access policy are executed. With duty-execution means
[0034]
DETAILED DESCRIPTION OF THE INVENTION
Next, embodiments of the present invention will be described in detail with reference to the drawings. FIG. 1 is a block diagram showing the configuration of an embodiment of a data management apparatus according to the present invention. In the figure, a data management apparatus 100 is used when application software 111 operating on an operation system of a computer system writes data to a data recording apparatus 112 including a flexible disk and a hard disk connected to the computer system, or data recording. Data input / output API (Application Programming Interface) hook for adding interrupt processing to data input / output processing in the operation system when reading data recorded in the device or deleting data recorded in the data recording device A deletion access determination unit 101, a write access determination unit 102, a writing management information mask unit 103, a writing completion detection unit 104, a management information generation unit 105, a management information writing unit 106, a reading Completion detection 108, are formed of a management information masking unit 109 and the reading access determining unit 110 when reading. The above configuration of the data management apparatus 100 is realized by a computer by the data management program of the present invention.
[0035]
The deletion access determination unit 101 determines whether or not data can be deleted when the application software 111 deletes data recorded in the data recording device 112. The write access determination unit 102 determines whether data can be written when the application software 111 writes data to the data recording device 112. The management information masking unit 103 at the time of writing hides management information related to data recorded in the data recording device 112 so that the application software 111 does not erase it. The write completion detection unit 104 detects the completion of data writing to the data recording device 112 by the application software 111.
[0036]
Also, the management information generation unit 105 receives the signal from the data write completion detection unit 104, generates management information corresponding to the data writing process of the data, receives the signal from the data read completion detection unit 108, and receives the data data Management information corresponding to the reading process is generated, or a determination result signal from the deletion access determination unit 101 is received to generate management information corresponding to the data deletion process. The management information writing unit 106 records the management information by adding or replacing the data recorded in the data recording device 112.
[0037]
The reading completion detection unit 108 detects completion of data reading from the data recording device 112 by the application software 111. The management information masking unit 109 at the time of reading conceals management information related to data recorded in the data recording device 112 in order to provide necessary information to the application software 111. Further, the read access determination unit 110 determines whether data can be read when the application software 111 reads data from the data recording device 112.
[0038]
Next, each function of the data management apparatus 100 in FIG. 1 will be described with reference to FIGS. FIG. 2 is a diagram for explaining an example of the configuration of a computer system in which the data management apparatus 100 according to the present invention shown in FIG. 1 is introduced. 2, the computer system 201 includes the data management apparatus 100 illustrated in FIG. 1, and also includes application software 202 and a data recording apparatus 204.
[0039]
The application software 202 is application software that operates on the computer system 201 and corresponds to the application software 111 shown in FIG. The data recording device 204 is a data recording device such as a flexible disk, a hard disk, or a semiconductor memory introduced in the computer system 201, and corresponds to the data recording device 112 shown in FIG.
[0040]
Here, the application software 202 can write data to the data recording device 204 or delete data from the data recording device 204 even when the data management device 100 according to the present invention is not installed. Application software specific data is recorded in the recording device 204 like a data file 206. Further, when the data deletion process is executed from the application software 202, the data file 206 disappears from the data recording device 204.
[0041]
First, the operation of the computer system 201 in which the data management apparatus 100 according to the present invention is installed will be described. The user activates the application software 202 on the computer system 201 and performs appropriate operations to create application software specific data. Further, an operation for recording the created application software specific data in the data recording device 204 is performed. When the application software 202 is word processor software, these operations correspond to operations for creating a sentence and storing it in a file.
[0042]
When these operations are performed, the data management apparatus 100 works, and when writing about data is permitted, the user is prompted to perform an operation for creating management information including access right information, and the management information is generated. The data file 205 in which the application software specific data is recorded is recorded in the data recording device 204.
[0043]
Further, the user activates the application software 202 on the computer system 201 and performs an operation of reading data recorded in the data recording device 204. When the application software 202 is word processor software, this operation corresponds to an operation of opening a saved file and reading a sentence. When this operation is performed, the data management apparatus 100 works, and when reading about data is permitted, the management information is concealed from the data file 205 in which the management information and application software specific data are recorded, and only the application software specific data is stored. Is read by the application software 202.
[0044]
Alternatively, the user activates file management software as the application software 202 and performs an operation of deleting a data file recorded in the data recording device 204. When this operation is performed, the data management apparatus 100 works, and when deletion regarding data is permitted, a data file 207 in which management information including deleted information is recorded is recorded.
[0045]
Next, in the computer system 201 in which the data management device according to the present invention is installed, (1) when writing new data from the application software 202 to the data recording device 204, (2) from the data recording device 204 to the application software 202 When reading data, (3) when writing over an existing file from the application software 202 to the data recording device 204, or (4) deleting data from the data recording device 204 with the application software 202, The operation of the data management device will be described in detail.
[0046]
As for the above (1), (2), and (3), a word processor that creates sentence data as application software 202 is taken as an example. As for (4) above, file management software for managing data files recorded in the data recording device 204 is taken as an example of the application software 202.
[0047]
Note that the application software 202 activated in the computer system 201 in which the data management apparatus 100 according to the present invention is installed is not limited to these, and other application software that writes, reads, and deletes data in the data recording apparatus 204. But you can. Further, the application software for writing, reading, and deleting data is not limited to the same application software, and writing, reading, and deletion may be performed with different application software.
[0048]
First, a case where data is written from the word processor software to the data recording device 204 (112) will be described with reference to FIG. In FIG. 3, a screen 301 shows an example of a screen on which text data is created by word processor software. The user has created the sentence "Hello, we are long silence. How are you?".
[0049]
The data file 302 is an example of a data file to be written to the data management device when the word processor is activated in a computer system in which the data management device according to the present invention is not installed. In the data file 302 indicates the data type by data string of "TEXT", followed by "Hello, we are long silence. How are you?" Data string that has meaning the data corresponding to the text created by the user .
[0050]
When the computer system 201 in which the data management apparatus 100 according to the present invention is installed performs an operation of writing data to the data recording apparatus 204 (112), the data management apparatus 100 shown in FIG. Operate. That is, the data input / output API hook unit 107 in FIG. 1 does not have a data file having the same name as the data file name specified by the application software 111 (202 in FIG. 2) in the data recording device 112 (204 in FIG. 2). Confirm, and create a new data file by standard processing and write the data. Here, the standard process means a process when the data management apparatus 100 according to the present invention is not introduced. At this time, the data file recorded in the data recording device 112 is the same as the data file 302.
[0051]
When the application software 111 finishes writing the data, the write completion detection unit 104 detects the completion of the data write and notifies the management information generation unit 105 of a write completion signal. The write completion signal only needs to include (1) an identifier for identifying the completion of writing and (2) an identifier for identifying the data file for which writing has been completed. The management information generation unit 105 that has received the write completion signal generates the management information 303 shown in FIG. 3 such as “writable as an access right, readable, creation date is March 3, 2002”. The management information writing unit 106 is notified of the management information 303 and the data file identifier included in the write completion signal.
[0052]
The management information writing unit 106 searches the data recording device 112 for a data file identified from the data file identifier input from the management information generating unit 105, and rewrites the data file 304 shown in FIG. As shown in FIG. 3, the data file 304 has a value indicating the storage location of the application software specific data, that is, the offset byte number up to the data string “TEXT” in the case of FIG. Management information, that is, management information 303 and application software specific data.
[0053]
Next, the case of reading data from the data recording device 112 to the word processor software will be described with reference to FIG.
[0054]
In FIG. 4, a data file 401 indicates a data file recorded in the data recording device 112 and is the same as the data file 304 described above. The application software 111 in FIG. 1 instructs the reading of the data file 401 by specifying the identifier of the data file 401 recorded by the data recording device 112, generally the file name. The data input / output API hook unit 107 in FIG. 1 reads the data in the data file 401 recorded in the data recording device 112 and passes it to the read access determination unit 110. The read access determination unit 110 interprets the management information 402 shown in FIG. 4 included in the read data and determines whether data can be read. Since the management information 402 includes an access right that allows reading, the read access determination unit 110 determines that data can be read.
[0055]
Next, the management information mask unit 109 at the time of reading in FIG. 1 hides the management information included in the data file 401 with reference to the value indicating the storage location of the application software specific data included in the data file 401, The data is transferred to the input / output API hook unit 107. The concealment process is realized, for example, by adding a value indicated by an offset to a value indicating the file reading position. That is, when the application software tries to read the first n bytes of data, the offset value o is added and the n + o bytes of data from the beginning of the data file are transferred to the application software 111.
[0056]
In this way, the application software 111 completes reading the data file 401 and displays the screen 404 shown in FIG. When the application software 111 completes the reading, the reading completion detection unit 108 illustrated in FIG. 1 detects the data reading completion, and notifies the management information generation unit 105 of a reading completion signal. The read completion signal may include an identifier for identifying the completion of reading and an identifier for identifying the data file that has been read.
[0057]
The management information generation unit 105 in FIG. 1 that has received the read completion signal indicates, for example, “Writable and readable as access right, creation date is March 3, 2002, and read date is March 4, 2002”. The management information 405 shown in FIG. 4 is generated, and the management information writing unit 106 is notified of the management information 405 and the data file identifier included in the read completion signal.
[0058]
The management information writing unit 106 finds the data file identified from the data file identifier from the data recording device 112 and rewrites the data file 406 as shown in FIG. The data file 406 includes a value indicating the storage location of data unique to the application software, management information 405 generated by the management information generation unit 105, and application software specific data. Specifically, information relating to the reading date is added to the data file 401 as management information, and the offset value is increased in response thereto.
[0059]
Next, the case where the existing file is overwritten and written in the data recording device from the word processor software will be described with reference to FIG.
[0060]
In FIG. 5, a screen 501 schematically shows how a sentence is being edited by word processor software. Here, the character string “Genki” is changed to a character string “Genki”. Hereinafter, the operation of the data management apparatus according to the present invention when the word processor software is operated and the application software specific data is overwritten on the existing file after the editing will be described.
[0061]
In FIG. 5, a data file 502 indicates an existing file existing in the data recording device 112. This data file 502 is the same as the data file 406 described above. The data input / output API hook unit 107 in FIG. 1 hooks a process of writing data by specifying a file name executed by the application software 111. Then, when it is confirmed that the data file identified by the designated file name exists in the data recording device 112, the processing is transferred to the write access determination unit 102.
[0062]
The write access determination unit 102 reads the management information 503 shown in FIG. 5 from the data file 502 existing in the data recording device 112, and determines whether or not writing is possible. In the management information 503, since the access right “write enabled” is set, it is determined that writing is possible. If the write access determination unit 102 determines that writing is possible, the process moves to the write time management information mask unit 103.
[0063]
The management information masking unit 103 at the time of writing conceals the management information recorded in the data file 502 as indicated by 504 in FIG. The concealment process is realized, for example, by adding a value indicated by an offset to a value indicating the file writing position. That is, when the application software 111 tries to write data to the first n bytes, the offset value o is added and the data is written to the n + o bytes from the beginning of the data file. The writing management information mask unit 103 shown in FIG. 1 returns the processing to the data input / output API hook unit 107, and the data input / output API hook unit 107 performs standard write processing.
[0064]
As a result of this series of processing, the data file immediately after the word processor software writes the data, as shown in FIG. 5, the character string “Genki” in the existing data file 502 existing in the data recording device 112 is called “Genki”. The data file 505 is changed to a character string.
[0065]
When the writing is completed by the word processor software, the writing completion detection unit 104 detects the writing completion and notifies the management information generation unit 105 of a writing completion signal. For example, the management information generation unit 105 generates management information 506 in which the write permission shown in FIG. 5 is changed to delete permission. The management information writing unit 106 writes the management information 506 in the data file 505 and changes it to the data file 507 shown in FIG.
[0066]
Next, the case where the existing data is deleted from the data recording device using the file management software will be described with reference to FIG.
[0067]
In FIG. 6, a screen 601 schematically shows an operation of deleting a data file using file management software. Here, the data file “greeting.txt” is deleted. At this time, the data input / output API hook unit 107 in FIG. 1 hooks the process of deleting the file by specifying the file name executed by the application software 111, and the specified file exists in the data recording device 112. Is confirmed, the process proceeds to the deletion access determination unit 101.
[0068]
The deletion access determination unit 101 in FIG. 1 reads the management information 603 shown in FIG. 6 from the data file 602 shown in FIG. 6 (same as the data file 507 in FIG. 5) existing in the data recording device 112, and determines whether or not deletion is possible. judge. In this example, the access right “deletable” is set in the management information 603, so it is determined that the management information 603 can be deleted. The deletion access determination unit 101 in FIG. 1 notifies the management information generation unit 105 of a deletion signal. The deletion signal only needs to include an identifier for identifying the deletion signal and an identifier for identifying the data file to be deleted.
[0069]
The management information generation unit 105 that has received the deletion signal, for example, “can be deleted as an access right, can be read, the creation date is March 3, 2002, the reading date is March 4, 2002, and the update date is March 2002. The management information 604 shown in FIG. 6 in which the deletion date is added to the management information 603 such as “4th, deletion date is March 5, 2002” is generated, and the management information 604 and the data file included in the deletion signal are generated The identifier is notified to the management information writing unit 106 in FIG.
[0070]
The management information writing unit 106 searches the data recording device 112 for the data file identified by the data file identifier, and rewrites the data file 602 shown in FIG. The data file 605 includes (1) a value indicating the storage location of data specific to the application software, (2) management information 604 generated by the management information generation unit 105, and (3) data specific to the application software. .
[0071]
In the data file 605, the management information 604 including the deletion date is given to indicate that the deletion operation has been performed on the data file 605. In addition, in the read access determination unit 110 described above, with respect to data in which the deletion date is described in the management information, the data file 605 is recorded as data from the application software 111 by restricting reading of the existence of the data. It can be shown as not present in device 112.
[0072]
Next, a more detailed embodiment of the management information generation unit 105 will be described. FIG. 7 shows a block diagram of an embodiment of the management information generation unit 105 in FIG. In FIG. 7, the management information generation unit 105 receives a management information template storage unit 701 that stores a template of management information and a write completion signal, a read completion signal, or a deletion signal, and stores them in the management information template storage unit 701. A management information template selection unit 702 that selects a management information template, a system information acquisition unit 704 that acquires system information including a computer system time or a login user name, a write completion signal, a read completion signal, or a deletion Using the information including the file name notified by the signal and the system information acquired by the system information acquisition unit 704, the management information template selected by the management information template selection unit 702 is supplemented to synthesize the management information. Management information generation unit 703 and the user What a management information display confirmation unit 705 that displays to allow content confirmation of the management information, and a management information change section 706 Metropolitan changing the management information as needed by the user.
[0073]
Next, each function of the management information generation unit 105 illustrated in FIG. 7 will be described with reference to FIGS. FIG. 8 shows an example of the management information template stored in the management information template storage unit 701. As shown in FIG. 8, this management information template includes a management information template 801 for creating new data, a management information template 802 for reading data, a management information template 803 for updating data, and management information for deleting data. Template 804.
[0074]
The description of “access right: writable + readable” in the management information template 801 for creating new data is “writable + readable” in the item “access right” in the management information created using this template. Is recorded. In addition, in the description of “creation date: $ DATE”, the date of newly creating data, for example, “March 3, 2002” is recorded in the item “creation date” of the same management information. Which indicates that. The description “update date: (−ALL)” indicates that the item “update date” is not recorded in the same management information.
[0075]
In addition, the description “reader: (+) $ USER” in the management information template 802 for data reading indicates that the management information is created by using this template 802 as “reader” in the existing management information. If there is no item, add the item and record identification information for identifying the user who is performing the reading process. If there is an item “reader”, in addition to the identification information for identifying the existing reading user, It shows that identification information for identifying a user is recorded by reading processing.
[0076]
For example, when user A first reads certain data, information “reader: user A” is recorded. Next, when user B reads, information “reader: user A + user B” is recorded. “Access right: (+)” indicates that the existing item “access right” is maintained without deleting or adding information. The other items in the template are interpreted in the same way.
[0077]
The management information template selection unit 702 shown in FIG. 7 is based on the signal identifier included in the signals from the write completion detection unit 104, the read completion detection unit 108, and the deletion access determination unit 101 shown in FIG. An optimal template is selected from the templates stored in the storage unit 701. In this case, the template may be simply determined from the signal identifier, or when a different template is prepared for each season or user, the template may be selected according to the season or user.
[0078]
In addition, the system information acquisition unit 704 acquires information about the system including the current time or the login user name directly from the operation system or information that can be accessed by the operation system. For example, the system information acquisition unit 704 can acquire the gender and age of the logged-in user corresponding to the logged-in user name by allowing the operation system to access information about the user such as gender and age.
[0079]
Further, the management information combining unit 703 reads the management information included in the existing file recorded in the data recording device 112 shown in FIG. 1 from the identifier for identifying the file such as the file name included in the signal, and manages the file. In accordance with the management information template selected by the information template selection unit 702, the system information acquired by the system information acquisition unit 704 is synthesized to generate new management information.
[0080]
Next, an example of processing in the management information template selection unit 702 and the management information composition unit 703 will be described with reference to the flowchart of FIG. The management information template selection unit 702 determines whether the input signal identifier is read, updated, or deleted (steps S1, S2, S3), and selects the template 802, 803, or 804 corresponding to the determination result as management information. Selection is made from the template storage unit 701 (steps S4, S5, S6). When the input signal identifier is neither read, updated, nor deleted, the management information template selection unit 702 selects a new data creation management information template 801 from the management information template selection unit 702 (step S7).
[0081]
When the management information template selection unit 702 selects the management information template 802 for data reading, the management information template 803 for data update, or the management information template 804 for data deletion, the management information composition unit 703 The management information included in the existing file recorded in the data recording device 112 shown in FIG. 1 is read from the identifier for identifying the file such as the file name included in the signal from the acquisition unit 704, and the management information combining unit 703 Is stored in the management information work memory 901 provided in (Step S8).
[0082]
Subsequently, the management information composition unit 703 has the same item as the item described as “(−ALL)” in the templates 802 to 804 and 801 selected by the management information template selection unit 702 in any of steps S4 to S7. Is included in the management information stored in the management information work memory 901, the item is deleted from the management information on the management information work memory 901 (step S9). Also, the management information composition unit 703 replaces the templates 802 to 804 and 801 selected by the management information template selection unit 702 in any of steps S4 to S7 with system information such as “$ DATE” and “$ USER”. When a character string is indicated, the corresponding system information is read from the system information work memory 902 provided in the system information acquisition unit 704, and each item of management information on the management information work memory 901 is added. Alternatively, information of each item is replaced or added (step S10). Through the series of processes described above, new management information is generated on the management information work memory 901.
[0083]
FIG. 10 shows an example of a screen displayed on the display or the like of the computer system by the management information display confirmation unit 705 shown in FIG. The management information generated by the management information synthesizing unit 703 is displayed on the screen of the computer system display or the like by the management information display confirmation unit 705 in an easy-to-understand manner for the user using characters, graphics, etc. as indicated by 1001 in FIG. The A user who confirms the display of the screen 1001 acknowledges the management information to be added to the data by pressing the “OK” button 1002 in the screen 1001.
[0084]
When the displayed management information is to be changed, a screen as shown in a screen 1004 in FIG. 10 is displayed by pressing an “edit” button 1003 in the screen 1001. A screen 1004 shows an example of a user interface that can change an access right, a creation date, and the like. Using the input device connected to the computer system, the user changes necessary items to necessary information, or presses an “add item” button 1005 to add management information items and set information. be able to.
[0085]
When the editing of the management information is completed, the user presses an “OK” button 1006 in the screen 1004 to notify the management information changing unit 706 shown in FIG. The management information changing unit 706 displays the management information changed by the user again in the management information display confirming unit 705 and confirms the management information by the user.
[0086]
Next, the write access determination unit 102 shown in FIG. 1 will be described in more detail. FIG. 11 shows a block diagram of an embodiment of the write access determination unit 102. In FIG. 11, the write access determination unit 102 includes a management information reading unit 1101, an access policy extraction unit 1102, an access policy selection unit 1103, an access condition determination unit 1104, and an obligation execution unit 1105.
[0087]
The management information reading unit 1101 acquires the access determination target data recorded in the data recording device 112 and reads the management information included in the data. Further, the access policy extraction unit 1102 extracts an access policy as information related to the access right included in the management information. The access policy selection unit 1103 selects an access policy related to write access from among the access policies. The access condition determination unit 1104 determines an access condition included in the access policy selected by the access policy selection unit 1103. In addition, the duty execution unit 1106 executes a specified procedure when an access condition that permits the execution of the procedure specified in the access policy is included.
[0088]
Next, the operation of the write access determination unit 102 shown in FIG. 11 will be described with reference to FIGS. FIG. 12 shows an example of management information 1201 read by the management information reading unit 1101. This management information 1201 corresponds to the management information 303, management information 405, management information 506, management information 604, etc. described above, but describes the access right included in the management information in more detail.
[0089]
An example of the syntax describing the access right included in the management information 1201 is shown in FIG. FIG. 13 shows a syntax 1301 describing the access right and a supplementary explanation 1302 of the syntax description. The access policy extraction unit 1102 shown in FIG. 11 extracts the access policy by interpreting the information on the access right included in the management information 1201 with the syntax 1301 shown in FIG.
[0090]
First, the access policy extraction unit 1102 interprets that the access right included in the management information 1201 includes the access policy 1401, the access policy 1402, and the access policy 1403 shown in FIG. Next, each access policy is individually interpreted to obtain an interpretation result as shown in FIG.
[0091]
In FIG. 15, the interpretation result 1501 of the access policy 1401 indicates that the access policy 1401 is “a type of access policy that permits data reading access, and the age of the operating subject is 20 years or older as a permission condition”. . Accordingly, the policy 1401 indicates that a user 20 years or older may view the data.
[0092]
The access policy 1402 interpretation result 1502 indicates that the access policy 1402 is “a type of access policy that prohibits data update access, and the name of the operating subject is other than the user B as a prohibition condition”. Therefore, the policy 1402 indicates that only the user B can access data update.
[0093]
Further, the interpretation result 1503 of the access policy 1403 indicates that the access policy 1403 is “the type of access policy that imposes an obligation on data read access, and the operation subject is obliged to notify the owner A in every read operation”. Is shown. Therefore, the policy 1403 indicates that the owner A is notified when data is read.
[0094]
As described above, the access policy is interpreted for each of the operation subject attribute, the operation type, the type, the condition, and the duty. The operation subject attribute includes a user name, a user age, and a current year as indicated by 1504 in FIG. The date, HD remaining capacity, communication speed, and the like, and the operation type includes reading, updating, and deletion as indicated by 1505. Further, the obligation includes a notification obligation, a payment obligation, a deletion obligation, a log recording obligation, and the like, as indicated by reference numeral 1506 in FIG.
[0095]
The access policy selection unit 1103 illustrated in FIG. 11 selects an access policy related to a write operation from the access policies extracted and interpreted by the access policy extraction unit 1102. Specifically, an access policy in which “operation” is designated as “update” is selected. In FIG. 15, the access policy 2 (policy2) indicated by 1502 is selected.
[0096]
The access condition determination unit 1104 illustrated in FIG. 11 determines whether “condition” is satisfied for all of the selected access policies. Conditional expressions are described using attributes and constants of the operation subject. The conditional expression “the age of the operation subject is 20 or more” is described as “f.agc> = 20”, where f is a variable representing the operation subject. The operation subject is the user who generated the operation and the system thereof, and can be acquired in the same manner as the system information acquisition unit 704 described above.
[0097]
Further, the access condition determination unit 1104 performs the management at the time of writing shown in FIG. 1 when the condition is satisfied when the access policy type is permitted and when the condition is not satisfied when the access policy type is prohibited. Instructs the information mask unit 103 to continue processing. In the case where the access policy type is duty, if the condition is satisfied, the duty execution unit 1105 is instructed to execute the duty. The duty execution unit 1105 completes the instructed duty procedure, and when the procedure is correctly performed, instructs the management information mask unit 103 at the time of writing to continue processing.
[0098]
Here, in the access condition determination unit 1104, if the condition is not satisfied when the access policy type is permitted or required, or if the condition is satisfied when the access policy type is prohibited, the write access determination process is interrupted. To do. Further, if the duty procedure described in the access policy is not correctly performed in the duty execution unit 1105, the write access determination process is interrupted. When the write access determination process is interrupted, the user may be notified that the write access is not permitted due to the reason of the access policy, if necessary.
[0099]
Next, details of the read access determination unit 110 illustrated in FIG. 1 will be described. The read access determination unit 110 can also be realized by a configuration similar to the block configuration of the write access determination unit 102 shown in FIG. In the case of the write access determination unit 102, the access policy selection unit 1103 selects the access policy related to the write operation, but the read access determination unit 110 only needs to select the access policy related to the read operation. Further, the access condition determination unit 1104 or the duty execution unit 1105 constituting the read access determination unit 110 instructs the management information mask unit 109 during reading to continue processing. The interruption of the read access determination process is the same as the interruption of the write access determination process.
[0100]
Next, details of the deletion access determination unit 101 shown in FIG. 1 will be described. The deletion access determination unit 101 can also be realized with the same configuration as the details of the write access determination unit 102 shown in FIG. In the case of the write access determination unit 102, the access policy selection unit 1103 selects the access policy related to the write operation, but the deletion access determination unit 101 only needs to select the access policy related to the deletion operation. Further, the access condition determination unit 1104 or the duty execution unit 1105 constituting the deletion access determination unit 101 instructs the management information generation unit 105 to continue processing. The interruption of the deletion access determination process is the same as the interruption of the write access determination process.
[0101]
As described above, in this embodiment, when the application software 111 reads the data recorded in the data recording device 112 by the reading management information mask unit 109, the management related to the data recorded in the data recording device 112 is performed. By concealing and reading the information, it is possible to prevent management information (for example, unique access control information) from being added to a data file of general application software such as word processing software. Since the management information is concealed and written in 103, the data of the data recording device 112 can be read and written from the word processor software in the same way as a normal file.
[0102]
Also, if a file with access rights is added and distributed separately from the application data file, there is a risk that the data file and the access right file will be separated from time to time, but this risk can be prevented beforehand. it can.
[0103]
Furthermore, in the present embodiment, when the access condition is established by the access condition determination unit 1104, the obligation execution unit 1105 executes the procedure of the obligation 1506 in each example shown in FIG. 15 included in the access policy. Setting of access rights with a time limit such as allowing reading with a time limit, setting of access rights that depend on user attributes without specifying the user, payment of consideration and answering questionnaires, etc. It is possible to set the access right on condition of execution and comply with the access right.
[0104]
Next, another example in which the data management apparatus of the present invention is introduced will be described. 16 and 17 show system configuration diagrams of other examples of the computer system in which the data management apparatus according to the present invention is introduced, respectively. In the embodiment shown in FIG. 2, the example in which the data management apparatus 100 according to the present invention is introduced into one computer system is shown. However, the introduction of the data management apparatus according to the present invention is implemented in one computer system as shown in FIG. Instead of closing, as shown in FIG. 16 and FIG. 17, it can also be introduced into a plurality of computer systems connected by a network.
[0105]
The computer system shown in FIG. 16 includes data management apparatuses 100a, 100b, and 100c according to the present invention having the configuration shown in FIG. 1 in the personal computers 1601, 1602, and 1603 of the users A, B, and C, respectively. Commercially available word processing software 1607, 1608 and 1609 operating on the personal computers 1601, 1602 and 1603 are also provided. On the other hand, a data recording device 1605 is provided in the general-purpose file server 1604, and data management devices 100a, 100b, and 100c are connected to the data recording device 1605.
[0106]
In this computer system, when user A or user B creates document data using commercially available word processing software 1607 or 1608, an access policy is given so that user A and user B can read and write data records in general-purpose file server 1604. When saved in the device 1605, the user A and the user B access from the personal computers 1601 and 1602, respectively, and based on the access policy extraction and access condition determination by the data management devices 100a and 100b, the commercial word processing software 1607 and 1608 Although the user C can read and write data, the user C cannot read and write the document data using the commercially available word processor software 1609 by the data management apparatus 100c.
[0107]
As described above, in this computer system, the data management apparatuses 100a and 100b of the present invention are applied to document sharing, and the user A and the user B can arbitrarily select the data file 1606 managed by the general-purpose file server 1604. Access control can be performed by granting access rights.
[0108]
Next, the computer system shown in FIG. 17 will be described. This computer system is a content transmission / reception system in which data (content) distributed from the content distribution server 1701 is received by the content reception clients 1702 and 1703. Each of the content distribution server 1701 and the content reception clients 1702 and 1703 has the present invention. Data management devices 100d, 100e, and 100f are provided.
[0109]
The content transmission server 1701 uses a commercially available content transmission application software (hereinafter abbreviated as “application”) 1706 to store a data file 1704 assigned an access policy that only the client 1702 can be stored by the data management apparatus 100d. The data file 1704 is read from 1705 and transmitted to the content receiving clients 1702 and 1703.
[0110]
The content receiving clients 1702 and 1703 receive the transmitted data file (content) 1704 separately, and when the content data is written in the data recording devices 1708 and 1709 by the commercially available content receiving applications 1707 and 1709, the data management device 100e. And 100f, the access policy is extracted to determine the access condition.
[0111]
Here, based on the policy that only the content receiving client 1702 can be stored, access control is performed such that the content data is recorded only in the data recording device 1708 of the content receiving client 1702 and cannot be recorded in the data recording device 1706 by the content receiving client 1703. Can be realized.
[0112]
【The invention's effect】
As described above, according to the present invention, even when general application software such as word processing software reads and writes data information to which management information including access rights related to the data is added and recorded, By concealing this management information when the software reads the data, it is possible for the application software to read the data normally, and when the application software writes the data, this management information is concealed. This makes it possible to prevent management information from being lost from the data file. As a result, the data file and the management information that are generated when the management information including the access right related to the data is recorded and held separately from the data file of the application software are distributed separately, and the access related to the data is performed. The risk of non-compliance with rights can be prevented.
[0113]
Further, according to the present invention, when the access condition is established by the access condition determination unit, the obligation procedure included in the access policy is executed, so the access right with a time limit such as permitting reading with a time limit is set. Set access rights that are subject to the execution of procedures specified by the data creator, such as setting access rights that do not specify a user and relying on user attributes, paying consideration, and answering surveys. Can be observed.
[Brief description of the drawings]
FIG. 1 is a block diagram showing a configuration of an embodiment of the present invention.
FIG. 2 is a configuration diagram of an example of a computer system in which the data management apparatus of the present invention is introduced.
FIG. 3 is a diagram for explaining an operation when new data is created and saved by word processor software;
FIG. 4 is a diagram for explaining an operation when data is read by word processor software;
FIG. 5 is a diagram for explaining an operation when data is overwritten and saved by word processor software;
FIG. 6 is a diagram for explaining an operation when data is deleted by file management software;
7 is a block diagram of an embodiment of the management information generation unit in FIG. 1. FIG.
8 is a diagram showing an example of a management information template stored in a management information template storage unit in FIG. 7. FIG.
9 is a flowchart showing an example of processing in a management information template selection unit and management information composition unit in FIG. 7;
10 is a diagram showing an example of a screen displayed on the display or the like of the computer system by the management information display confirmation unit in FIG. 7;
11 is a block diagram of an embodiment of a write access determination unit in FIG. 1. FIG.
12 is a diagram illustrating an example of management information read by a management information reading unit in FIG. 11. FIG.
FIG. 13 is a diagram illustrating an example of a syntax describing an access right included in management information.
FIG. 14 is a diagram illustrating an example of an access policy.
FIG. 15 is a diagram illustrating an interpretation example of an access policy.
FIG. 16 is a block diagram showing another example of a system configured by introducing a data management apparatus according to the present invention.
FIG. 17 is a configuration diagram showing still another example of a system configured by introducing a data management apparatus according to the present invention.
FIG. 18 is a configuration diagram of an example of a conventional device.
FIG. 19 is a configuration diagram of another example of a conventional apparatus.
20 is a diagram showing a policy file in FIG. 19. FIG.
[Explanation of symbols]
100, 100a, 100b, 100c, 100d, 100e, 100f Data management device
101 Deletion access determination unit
102 Write access determination unit
103 Write-time management information mask part
104 Write completion detection unit
105 Management information generator
106 Management information writing unit
107 Data input / output API hook part
108 Reading completion detection unit
109 Reading management information mask part
110 Reading Access Determination Unit
111, 202 Application software
112, 204, 1605, 1705, 1708, 1710 Data recording apparatus
201 Computer system
205, 206, 207, 302, 304, 401, 406, 502, 505, 507, 602, 605, 1606, 1704 Data files
301, 404 Word processor software editing screen
303, 402, 405, 503, 506, 603, 604, 1201 Management information
403 Application software specific data
501 Word processor software editing screen
504 Data file with hidden management information
601 File management software operation screen
701 Management information template storage unit
702 Management information template selection unit
703 Management information composition unit
704 System information acquisition unit
705 Management information display confirmation section
706 Management information change part
801 Management information template for creating new data
802 Management information template for data reading
803 Data update management information template
804 Management information template for data deletion
805 Template interpretation rules
901 Management information work memory
902 System information work memory
1001 Management information confirmation screen
1002 Management information confirmation button
1003 Edit button for management information
1004 Management information edit screen
1005 Button for adding management information items
1006 Management information edit end button
1101 Management information reading unit
1102 Access policy extraction unit
1103 Access policy selection section
1104 Access condition determination unit
1105 Duty execution department
1301 Syntax of access policy description
1302 Supplementary explanation of syntax of access policy description
1401, 1402, 1403 Access policy
1501, 1502, 1503 Access policy interpretation result
1504 Example of operation subject attribute
1505 Example of operation type
1506 Example of obligations
1601 User A's personal computer
1602 User B's personal computer
1603 User C's personal computer
1604 General-purpose file server
1607, 1608, 1609 Commercial word processing software
1701 Content transmission server
1702, 1703 Content receiving client
1706 Commercial Content Transmission Application Software
1707, 1709 Commercially available content receiving application software

Claims (18)

In a data management apparatus that operates in compliance with the access right held in the management information for the data that holds the access right for reading, writing, and deleting the data as management information in the data file that stores the data,
When application software operating on an operation system of a computer system writes data to a data recording device connected to the computer system, or when reading data recorded in the data recording device, or the data recording device Data input / output API hook means for adding interrupt processing to data input / output processing in the operation system when deleting data recorded in
When the application software writes data to the data recording device, write access determination means for determining whether the data can be written;
The application software does not erase when the data recorded in the data recording apparatus holds the first management information including information for identifying the storage position of the management information and the storage position of the data related to the data And a writing management information masking means for concealing the first management information by writing the data at a data storage location identified by the first management information when the data is written. Characteristic data management device. In a data management apparatus that operates in compliance with the access right held in the management information for the data that holds the access right for reading, writing, and deleting the data as management information in the data file that stores the data,
When application software operating on an operation system of a computer system writes data to a data recording device connected to the computer system, or when reading data recorded in the data recording device, or the data recording device Data input / output API hook means for adding interrupt processing to data input / output processing in the operation system when deleting data recorded in
When the application software reads data recorded in the data recording device, read access determination means for determining whether the data can be read;
In order to provide necessary and sufficient information for the application software, the data recorded in the data recording device includes first management information including information for identifying a storage position of management information and a storage position of the data. A management at the time of reading that conceals the first management information by reading the data from the storage location of the data identified by the first management information when the data recording device reads the data, A data management device comprising: information masking means; In a data management apparatus that operates in compliance with the access right held in the management information for the data that holds the access right for reading, writing, and deleting the data as management information in the data file that stores the data,
When application software operating on an operation system of a computer system writes data to a data recording device connected to the computer system, or when reading data recorded in the data recording device, or the data recording device Data input / output API hook means for adding interrupt processing to data input / output processing in the operation system when deleting data recorded in
A data management apparatus comprising: a deletion access determination unit that determines whether or not the data can be deleted when the application software deletes data recorded in the data recording apparatus.   A write completion detection means for detecting completion of data writing to the data recording device by the application software, and a data write completion detection signal from the data write completion detection means, and corresponding to data writing processing of the data First management information generating means for generating second management information, and first management information writing means for recording the second management information by adding or replacing the data recorded in the data recording device The data management apparatus according to claim 1, further comprising:   Receiving a determination result signal from the deletion access determining means, and generating second management information generating means for generating third management information corresponding to the data deletion processing; and recording the second management information in the data recording device 4. The data management apparatus according to claim 3, further comprising second management information writing means for recording data added to or replaced with the recorded data. In a data management apparatus that operates in compliance with the access right held in the management information for the data that holds the access right for reading, writing, and deleting the data as management information in the data file that stores the data,
When application software operating on an operation system of a computer system writes data to a data recording device connected to the computer system, or when reading data recorded in the data recording device, or the data recording device Data input / output API hook means for adding interrupt processing to data input / output processing in the operation system when deleting data recorded in
When the application software writes data to the data recording device, write access determination means for determining whether the data can be written;
When the data recorded in the data recording apparatus holds the first management information including information for identifying the storage position of the management information and the storage position of the data , the application software does not erase A writing management information masking means for concealing the first management information by writing the data in a data storage location identified by the first management information when writing the data,
When the application software reads data recorded in the data recording device, read access determination means for determining whether the data can be read;
When the data recorded in the data recording device holds the first management information related to the data in order to provide necessary and sufficient information for the application software, the data recording device reads the data. A data management apparatus comprising: a read-time management information masking means for concealing the first management information by reading the data from a data storage position sometimes identified by the first management information. In a data management apparatus that operates in compliance with the access right held in the management information for the data that holds the access right for reading, writing, and deleting the data as management information in the data file that stores the data,
When application software operating on an operation system of a computer system writes data to a data recording device connected to the computer system, or when reading data recorded in the data recording device, or the data recording device Data input / output API hook means for adding interrupt processing to data input / output processing in the operation system when deleting data recorded in
When the application software reads data recorded in the data recording device, read access determination means for determining whether the data can be read;
In order to provide necessary and sufficient information for the application software, the data recorded in the data recording device includes first management information including information for identifying a storage position of management information and a storage position of the data. A management at the time of reading that conceals the first management information by reading the data from the storage location of the data identified by the first management information when the data recording device reads the data, Information mask means;
A data management apparatus comprising: a deletion access determination unit that determines whether or not the data can be deleted when the application software deletes data recorded in the data recording apparatus. In a data management apparatus that operates in compliance with the access right held in the management information for the data that holds the access right for reading, writing, and deleting the data as management information in the data file that stores the data,
When application software operating on an operation system of a computer system writes data to a data recording device connected to the computer system, or when reading data recorded in the data recording device, or the data recording device Data input / output API hook means for adding interrupt processing to data input / output processing in the operation system when deleting the data recorded in the operation system, and when the application software writes data to the data recording device, Write access determination means for determining whether data can be written;
When the data recorded in the data recording apparatus holds the first management information including information for identifying the storage position of the management information and the storage position of the data , the application software does not erase A writing management information masking means for concealing the first management information by writing the data in a data storage location identified by the first management information when writing the data,
A data management apparatus comprising: a deletion access determination unit that determines whether or not the data can be deleted when the application software deletes data recorded in the data recording apparatus. In a data management apparatus that operates in compliance with the access right held in the management information for the data that holds the access right for reading, writing, and deleting the data as management information in the data file that stores the data,
When application software operating on an operation system of a computer system writes data to a data recording device connected to the computer system, or when reading data recorded in the data recording device, or the data recording device Data input / output API hook means for adding interrupt processing to data input / output processing in the operation system when deleting data recorded in
When the application software writes data to the data recording device, write access determination means for determining whether the data can be written;
When the first management information including information for identifying the storage position of management information and the storage position of the data is recorded in the data recording device, the application software does not delete the first management information at the time of writing . Write-time management information masking means for concealing the first management information by writing the data to a storage location of data identified by the management information of one;
When the application software reads data recorded in the data recording device, read access determination means for determining whether the data can be read;
When the data recorded in the data recording device holds the first management information related to the data in order to provide necessary and sufficient information for the application software, the data recording device reads the data. A management information masking means for concealing the first management information by reading the data from a storage position of the data sometimes identified by the first management information;
A data management apparatus comprising: a deletion access determination unit that determines whether or not the data can be deleted when the application software deletes data recorded in the data recording apparatus.   Write completion detection means for detecting completion of data writing to the data recording device by the application software, read completion detection means for detecting completion of data reading from the data recording device by the application software, and data writing completion When the data write completion detection signal is received from the detection means, the second management information corresponding to the data writing process of the data is generated, and when the data read completion detection signal is received from the read completion detection means Management information generating means for generating third management information corresponding to the data reading process of the data, and the second management information or the third management information in the data recorded in the data recording device 7. A management information writing means for recording after addition or replacement, and further comprising: Placing data management device.   When receiving the completion of reading data from the data recording apparatus by the application software and the data reading completion detection signal from the reading completion detecting means, the data corresponding to the data reading process of the data is received. Management information generating means for generating third management information corresponding to data deletion processing when receiving a determination result signal from the deletion access determining means, and the second management information 8. The data management apparatus according to claim 7, further comprising management information writing means for recording information or the third management information in addition to or in place of data recorded in the data recording apparatus.   Write completion detection means for detecting completion of data writing to the data recording device by the application software, and data write processing of the data upon receipt of a data write completion detection signal from the data write completion detection means When the second management information corresponding to the delete access determination means is received, the management information generation means for generating the third management information corresponding to the data deletion process, 9. The management information writing means for recording the second management information or the third management information by adding or replacing the data recorded in the data recording device. Data management device.   Write completion detection means for detecting completion of data writing to the data recording device by the application software, read completion detection means for detecting completion of data reading from the data recording device by the application software, and data writing completion When the data write completion detection signal is received from the detection means, the second management information corresponding to the data writing process of the data is generated, and when the data read completion detection signal is received from the read completion detection means Generates third management information corresponding to the data read processing of the data, and generates fourth management information corresponding to the data deletion processing when receiving a determination result signal from the deletion access determination means Management information generating means for generating, and the second, third or fourth generated by the management information generating means The data management system of claim 9, wherein further comprising a management information writing means for adding or substituted by recording the management information on data recorded in the data recording device.   The management information generating means is a template to be referred to when generating the first to fourth management information templates, and management information including at least a part of the management information including the creation date as a predetermined variable The management information template storage means for storing the template and the first through the first information stored in the management information template storage means in response to a signal from the read completion detection means, the write completion detection means or the deletion access determination means Management information template selection means for selecting a fourth management information template, system information acquisition means for acquiring system information including the time of the computer system or a login user name, and a file for identifying target data in the signal Information including name, management information selected by the system information and the management information template selection means Management information composition means for generating management information related to target data from the template, management information display confirmation means for displaying the generated management information and prompting the computer system operator to confirm, and changing the generated management information 14. The data management apparatus according to claim 13, further comprising management information changing means.   The write access determination means relates to management information reading means for acquiring access determination target data recorded in the data recording device and reading management information included in the data, and an access right included in the management information An access policy extraction unit that extracts an access policy that is information, an access policy selection unit that selects an access policy related to write access included in the access policy, and an access to all of the access policies selected by the access policy selection unit An access condition determining means for determining a condition, and an obligation executing means for executing an obligation procedure included in the selected access policy when the access condition determining means determines that the condition is satisfied. Term 1, 4, 6, 8, 9, 1 The data management system 12, 13 or 14, wherein.   The read access determination means acquires management target data recorded in the data recording device, reads management information included in the data, and information on access rights included in the management information An access policy extracting means for extracting an access policy, an access policy selecting means for selecting an access policy related to read access included in the access policy, and an access condition for all of the access policies selected by the access policy selecting means The access condition determining means for determining whether or not the condition is satisfied by the access condition determining means, and an obligation executing means for executing an obligation procedure included in the selected access policy. 2, 6, 7, 9, 10, 1,13 or 14 data management apparatus according.   The deletion access determination means includes management information reading means for acquiring access determination target data recorded in the data recording device and reading management information included in the data, and information relating to an access right included in the management information. An access policy extracting means for extracting a certain access policy, an access policy selecting means for selecting an access policy related to deletion access included in the access policy, and an access condition for all of the access policies selected by the access policy selecting means 4. The access condition determining means for determining, and duty executing means for executing an obligation procedure included in the selected access policy when the access condition determining means determines that the condition is satisfied. 5, 7, 8, 9, 11, 1 The data management system 13 or 14, wherein. In a data management program that operates in compliance with the access right held in the management information for the data that holds the read, write, and delete access rights to the data as management information in the data file that stores the data,
When application software operating on an operation system of a computer system writes data to a data recording device connected to the computer system, or when reading data recorded in the data recording device, or the data recording device Data input / output API hook means for adding interrupt processing to data input / output processing in the operation system when deleting data recorded in
When the application software writes data to the data recording device, write access determination means for determining whether the data can be written;
When the data recorded in the data recording device holds management information including information for identifying the storage position of the management information and the storage position of the data related to the data , the application software is not deleted. A computer of the computer system is caused to function as a write-time management information masking means for concealing the management information by writing the data in a data storage position identified by the management information when writing data. Data management program.

Images