JP4185546B2 - Information leakage prevention device, information leakage prevention program, information leakage prevention recording medium, and information leakage prevention system - Google Patents

Description

  The present invention relates to a technique for preventing leakage of information recorded in a computer, and in particular, when information recorded in a computer is stored in a recording medium such as a USB memory and taken out, the information can be traced. The present invention relates to an information leakage prevention device, an information leakage prevention program, an information leakage prevention recording medium, and an information leakage prevention system.

In recent years, with the development of information processing technology, various types of information generated in business activities and the like have been digitized and recorded in computers, and are generally managed and used.
In such a situation, when electronic information is used by a plurality of computers, the information may be temporarily recorded from one computer on a recording medium such as a USB memory, and used or copied by another computer. Often done.
In addition, electronic information recorded in a company computer may be recorded on a recording medium and taken home, and the recording medium may be connected to a personal computer to perform work using the recorded electronic information. is there.

However, when electronic information should be prevented from leaking such as trade secrets, there is a problem that such use is very risky.
That is, once electronic information is recorded on a recording medium, it is very difficult to appropriately prevent leakage of the electronic information.
For example, if an employee records information related to a company's trade secret on a recording medium and takes it home, the information is copied to a personal computer at home and the employee deletes the information appropriately after the use. Otherwise, there is a problem that information relating to trade secrets remains on the personal computer, increasing the risk of information leakage.

On the other hand, the company can grasp the history that information related to trade secrets has been recorded on the recording medium from the company computer by recording it on the company computer.
However, after electronic information has been recorded on a recording medium and taken out, it has not been possible to know who has used the information and how it has been stored in which computer.
Of course, important information such as information related to trade secrets will not occur as long as it cannot be uniformly recorded on a recording medium. It is common practice to deliver such information, and its needs are very high.
For this reason, when electronic information stored in a computer is recorded on a recording medium, it is important to reduce the risk of leakage of the information.

As a technique for reducing such a risk, for example, when electronic information is recorded on a recording medium, a method of encrypting the electronic information has been put into practical use. In this method, the user is authenticated when using the recording medium, and the recorded electronic information can be decrypted only when the authentication is successful. The electronic information is not decrypted and can be prevented from leaking.
For this reason, if this method is used, it becomes possible to exclude the unauthorized use of the electronic information recorded on the recording medium by a third party.
However, even if this method is used, if the user himself / herself uses electronic information recorded on a recording medium with a personal computer at home, the company will know how the electronic information was used. I couldn't. Also, even if the electronic information was copied to a personal computer, the company could not grasp it.

Similarly, as a technique for encrypting electronic information to be recorded on a recording medium, for example, an electronic device described in Patent Document 1 and a control method thereof can be cited. According to this method, encryption and decryption of information recorded on a recording medium that can be attached to and detached from the electronic device is attached to and detached from the electronic device on the condition that a certain maintenance ID is recorded on the recording medium. It is possible to do this automatically.
According to this control method, the information recorded on the recording medium can be decrypted and used only by a specific electronic device.
However, even with this method, it is impossible to track how the information recorded on the recording medium has been used thereafter, as in the above-described prior art.

Further, as a technique capable of reducing the risk of information leakage when information stored in a computer is recorded on a recording medium, for example, a peripheral device provided with an unauthorized use notification system described in Patent Document 2 can be cited.
The peripheral device provided with the unauthorized use notification system includes a storage unit for storing individual information and notification destination information of the host device, and a transmission unit for unauthorized use information, and registers the individual information and the notification destination information in the storage unit, When using the peripheral device, the individual information of the host device connected to the peripheral device is compared with the individual information registered in the peripheral device. If the individual information is the same, the peripheral device can be used. Is configured such that the peripheral device cannot be used and unauthorized use information is transmitted to the notification destination registered by the transmission means.
If this peripheral device has the function of a recording medium, the recording medium can be used only by a certain computer registered in advance, and if it is used by another computer, it will report unauthorized use. The function is considered to have the effect of further reducing the risk of information leakage.

JP 2006-202158 A JP 2005-346396 A

  However, even if the recording medium is provided with an unauthorized use notification system, how the information recorded in the recording medium is used when the recording medium is used in a predetermined computer registered in advance. The company cannot grasp this. Also, even if important information is copied to this registered computer, the company cannot grasp it and cannot appropriately prevent the leakage of electronic information recorded on the recording medium. There's a problem.

On the other hand, when electronic information is recorded on a recording medium, if the company can grasp how the recorded electronic information was used thereafter, the information leakage prevention effect will be improved. Conceivable. However, there has been no technology that provides such an effect prior to the filing of the present invention.
In addition, when electronic information is copied from a recording medium to a computer, there is a possibility that information leakage may occur due to the copied electronic information. A technique for appropriately suppressing this information is also available before the filing of the present invention. Did not exist.
On the other hand, as described above, there is a great need for corporate activities to exchange electronic information using a recording medium, and the prevention of information leakage at that time is an important social issue. .

  The present invention has been considered in view of the above circumstances. When electronic information recorded on a recording medium is copied to a computer, the electronic information is encrypted and copied, and an application is applied to the copied electronic information. When an access is made based on a program, etc., an information leakage prevention device, an information leakage prevention program, and an information leakage that decrypt the electronic information only when the USB memory is connected and authentication for using the USB memory is successful. An object is to provide a deterrence recording medium and an information leakage deterrence system.

  The present invention records information access history on a recording medium when the information is copied from a computer to a recording medium and used on another computer in an offline environment. When the recording medium is next used in an online environment, an information leakage prevention device, an information leakage prevention program, and information that enable monitoring and tracking of information taken out by transmitting the access history to the server device It is an object to provide a leakage suppression recording medium and an information leakage suppression system.

In order to achieve the above object, an information leakage prevention program according to the present invention leaks information recorded on a recording medium to a computer connected to a removable recording medium equipped with a biometric authentication means for authenticating a user. An information leakage prevention program that prevents the information leakage is stored in a recording medium, and when the recording medium is connected to a computer, it is confirmed whether or not the information leakage prevention program exists in the computer. If the information leakage prevention program does not exist, the information leakage prevention program is activated. If the information leakage prevention program does not exist, the information leakage prevention program stored in the recording medium is activated, and the computer stores the information recorded on the recording medium. Copying or moving and copying to a predetermined recording means in the computer, information is recorded in the recording means by the copying means Upon being recorded, prior to the recording and encrypts the input information from the duplication unit, encryption means for outputting the encrypted information to the duplication unit as information to be recorded in the recording means, and, a recording medium In the case of authentication failure in response to the success result of the user authentication processing executed by the biometric authentication means provided in the recording medium in a state connected to the computer, the information recorded in the recording means is decrypted. It is configured to function as a decoding unit that does not decode information.

If the information leakage prevention program has such a configuration, the computer can be provided with an information leakage prevention function by being installed and executed.
That is, when the information recorded on the recording medium is copied from the recording medium connected to the computer to the computer, the information can be encrypted and copied by the computer. Then, the decrypted information can be decrypted only when the recording medium is connected to the computer and the authentication is successful.

For this reason, even if information is recorded on a recording medium from a certain computer and the information is copied from the recording medium to another computer, the information is recorded on the other computer in order to use the copied information effectively It is necessary to connect the medium and succeed in authentication.
Therefore, according to the present invention, even when information stored in a computer is recorded on a recording medium such as a USB memory and taken out, the risk of the information being used improperly and leaking can be suppressed. It has become.

  The information leakage suppression recording medium of the present invention is configured to record the above information leakage suppression program.

If the information leakage suppression recording medium has such a configuration, the recording medium can have the information leakage suppression program for causing the computer to function as an information leakage suppression device.
Here, in a Windows (registered trademark) OS (operating system) or the like, a file having a predetermined name is stored in a recording medium such as a USB memory, and the file name to be executed is described in the file. By doing so, there is a mechanism for automatically executing the file when the recording medium is connected to the computer.

Therefore, if such a mechanism is used, when the recording medium is connected to a computer equipped with a Windows (registered trademark) OS or the like, if there is no information leakage prevention program in the computer, this is recorded on the recording medium. Can be duplicated and started on the computer.
For this reason, if the information leakage suppression recording medium of the present invention is used, all computers connected thereto can function as an information leakage suppression device, and the information leakage suppression of the present invention can be effectively realized.

In addition, the information leakage suppression apparatus of the present invention connects an detachable recording medium provided with a biometric authentication means for authenticating a user, and suppresses information leakage recorded on the recording medium. When a recording medium is connected to the information leakage prevention device, the information leakage prevention device must check whether a predetermined information leakage prevention program exists, and must exist and be activated. For example, the information leakage prevention program is started. If the information leakage prevention program does not exist, the information leakage prevention program stored in the recording medium is started, and the information leakage prevention device includes a duplication unit, an encryption unit, and a decryption unit. A program executing means for generating, a copying means for copying or moving the information recorded on the recording medium and recording the information on a predetermined recording means in the information leakage prevention apparatus; When the information is recorded in the recording means by the encryption means, before the recording, the information is input from the copying means and encrypted, and the encrypted information is output to the copying means as information recorded in the recording means. In response to the success of the user authentication process executed by the biometric authentication unit provided in the recording medium with the recording medium connected to the computer, the information recorded in the recording unit is decrypted and authenticated. In the case of failure, the information processing apparatus includes a decoding unit that does not decode information.

If the information leakage prevention device has such a configuration, when the information recorded on the recording medium is copied to the information leakage prevention device, the information can be encrypted and copied. Then, only when the recording medium is connected to the information leakage prevention apparatus and the authentication is successful, the encrypted information can be decrypted and used.
For this reason, for example, information stored in a company computer (information leakage prevention device) is recorded on a recording medium, taken home, and the information is copied to a personal computer (information leakage prevention device). In such a case, if the recording medium is removed from the personal computer, the information cannot be decrypted and used.
Therefore, even if an employee duplicates information on a personal computer and forgets it without deleting it, the copied information will be used unless authentication is successful by connecting an appropriate recording medium to the computer. Since it cannot be decrypted, it is possible to prevent the contents from leaking to a third party.

In addition, when the decryption means in the present invention is permitted to use the recording medium by the biometric authentication means, information obtained by copying the CPU of the information leakage suppression apparatus based on the execution of the application program in the information leakage suppression apparatus. It is also preferable that the copied information be decrypted and passed to the CPU when accessed.
In this way, when a file copied based on the execution of the application program is used, the file can be decrypted.

The information leakage prevention apparatus of the present invention can be realized as a computer that executes the information leakage prevention program.
Further, by recording this information leakage prevention program on a recording medium, it is possible to automatically install the information leakage prevention apparatus when the recording medium is connected to the computer and to function as the information leakage prevention device. .

  In addition, the information leakage suppression device of the present invention is connected to the server device via a communication line, and authentication processing is performed when a predetermined program is started, and the authentication information of the administrator of the information leakage suppression device is input A program execution unit that executes the predetermined program only when the authentication process is successful, and when the predetermined program is started, the server apparatus is accessed via the communication line and the administrator authentication information is received from the server apparatus. An administrator authority information acquisition unit may be provided, and the program execution unit may input authentication information of the administrator from the administrator authority information acquisition unit, perform an authentication process, and execute a predetermined program.

If the information leakage prevention apparatus is configured as described above, if there is a process executed by a program that requires administrator authority among the processes executed in the information leakage prevention apparatus, the administrator The information leakage suppression apparatus can automatically acquire the authentication information necessary for acquiring the authority from the server apparatus, and the authentication information can be used to execute the program that requires the administrator authority.
That is, if there is a program that is executed in the information leakage suppression device described above and requires authentication by administrator authentication information (administrator ID and password) to start the program, the authentication information is leaked. The deterrence device can automatically acquire from the server device, perform authentication processing using this authentication information, and execute the program requiring the administrator authority.

For this reason, it is no longer necessary to give the administrator authority to the user of the information leakage suppression apparatus, and it is possible to prevent the administrator authority from being given unnecessarily to a large number of people, and every time the information leakage suppression apparatus is used. It is also possible to avoid a complicated situation where a person having administrator authority is required.
The administrator is a person who can execute various processes by the OS (operating system) of the information leakage prevention apparatus without any special restriction, and means, for example, “administrator” in Windows (registered trademark).

  In addition, the information recording apparatus according to the present invention is connected to a server device via a communication line, and log recording means for writing a history of accesses made by the information leakage controlling apparatus to the recording medium. And a log transmission means for reading the access history written on the recording medium by the log recording means from the recording medium and transmitting it to the server device.

If the information leakage prevention apparatus has such a configuration, the access history for information such as files held in a recording medium such as a USB memory connected to the information leakage prevention apparatus can be recorded on the recording medium itself. Can do.
The access history thus recorded on the recording medium can be transmitted from the information leakage suppression apparatus to the server apparatus, and can be managed by the server apparatus.
For this reason, it becomes possible to appropriately manage and track how the information held in the recording medium has been used.
The “access history” is a history of various operations performed on the information recorded on the recording medium. For example, the access time, the file name of the accessed information, the access contents (creation, writing, reading, (Deletion, name change), computer name (and / or computer ID), device ID of the recording medium, user ID of the authenticated person, that is, the user of the recording medium, and the like.

  In addition, the information recording apparatus according to the present invention may be configured such that the log recording means includes, as an access history, at least the access time, the name of the file to be accessed, the contents of the access, the identification information of the information leakage suppressing apparatus that has performed the access, Either the identification information or the identification information of the user of the recording medium can be written to the recording medium.

  Further, the information leakage suppression apparatus according to the present invention is configured such that the content of access is any of creation of a new file, writing of information to the file, reading of information from the file, deletion of the file, or renaming of the file It can also be.

  If the information leakage prevention apparatus is configured as described above, it is possible to record an appropriate log including the above-described various types of information on a recording medium.

  In addition, the information leakage suppression apparatus according to the present invention may be configured such that the access history is transmitted to the server device by the log transmission unit immediately after the access history is written to the recording medium by the log recording unit.

If the information leakage prevention device is configured in this way, when the information leakage prevention device is connected to the server device, when the log is recorded on the recording medium, the recorded log is immediately transmitted to the server device. be able to.
For this reason, the server apparatus can quickly grasp the access history to the recording medium.

  In addition, when the information leakage prevention apparatus according to the present invention writes the access history to the recording medium by the log recording unit when the information leakage prevention apparatus is not connected to the server apparatus, the information leakage prevention apparatus The log transmission means may transmit the access history to the server device when the server is connected to the server device.

If the information leakage prevention device is configured as described above, after recording information from a certain information leakage prevention device to a recording medium, the information is recorded by connecting the recording medium to another information leakage prevention device in an offline state. When is used, an access history for the information can be recorded on a recording medium.
Then, when the other information leakage prevention device comes online or when the recording medium is connected to another information leakage prevention device that is online, the recorded access history is transmitted to the server device. can do.
For this reason, even when a recording medium is connected to the offline information leakage prevention apparatus and the information recorded on the recording medium is used, the access history for the information can be appropriately recorded. It becomes possible to manage.

In the present invention, “online” refers to a state in which the information leakage suppression device is connected to the server device, and “offline” refers to a state in which the information leakage suppression device is not connected to the server device.
Therefore, “offline” in the present invention includes a state in which communication via a communication line cannot be performed at all, but does not necessarily mean only this state.

In addition, the information leakage suppression system of the present invention suppresses leakage of information recorded on a recording medium by an information leakage suppression apparatus connected to a detachable recording medium having a biometric authentication means for authenticating a user. An information leakage suppression system, which is a removable recording medium provided with biometric authentication means, and a predetermined information leakage suppression program exists in the information leakage suppression device when the recording medium is connected to the information leakage suppression device. If it does not exist and is not activated, the information leakage suppression program is started. If it does not exist, the information leakage suppression program stored in the recording medium is started and the information is Copy or move information recorded on a recording medium, a program execution unit that generates a duplication unit, an encryption unit, and a decryption unit in the leakage suppression device, and When the information is recorded on the recording means by the duplicating means and the duplicating means to be recorded on the predetermined recording means in the leakage suppression device, the information is input from the duplicating means and encrypted before the recording, and the encrypted information is Success of user authentication processing executed by the biometric authentication means provided in the recording medium with the encryption means outputting to the copying means as information recorded in the recording means, and the recording medium connected to the computer In response to the result, the information recorded in the recording means is decrypted, and in the case of authentication failure, the information leakage suppression apparatus is provided with a decrypting means that does not decrypt the information.

If the information leakage prevention system is configured in this way, when information recorded on a recording medium is copied to an information leakage prevention device, the information can be encrypted and copied. Is decrypted only when the recording medium is connected to the information leakage prevention apparatus and the authentication is successful.
That is, when information is recorded on a recording medium from a certain information leakage prevention device, and this recording medium is connected to another information leakage prevention device, the information is copied to the other information leakage prevention device. In order to use it, it is necessary to successfully authenticate by connecting a recording medium to the information leakage prevention apparatus.

For this reason, for example, when an information leakage prevention recording medium of the present invention is connected to a computer in a company, information is recorded on the recording medium, and the information is taken home and copied to a personal computer. Without the suppression recording medium, the copied information cannot be used.
Therefore, even when information is taken home from the company and copied to a personal computer, the copied information cannot be used by a third party who does not have an information leakage suppression recording medium. It becomes possible to appropriately suppress the leakage of the information.

According to the present invention, when the information recorded on the recording medium is copied to another computer, the information can be encrypted and copied, and the recording medium is connected to the computer and successfully authenticated. Only the copied information can be decrypted.
For this reason, even when information of a certain computer is recorded on a recording medium and taken out and copied to another computer, the copied information can be used only by a person who possesses the information leakage suppression recording medium. It is not possible to appropriately prevent leakage of the information.

Further, according to the present invention, even when information is recorded on a recording medium connected to a computer and the recording medium is used on another computer, access to the information recorded on the recording medium is possible. The history can be recorded on the recording medium itself.
The access history can be transmitted to the server device when the other computer is online or when the other computer is offline and the recording medium is next connected to the online computer.
For this reason, in the server device, it is possible to appropriately manage the access history for the information recorded on the recording medium, and it is possible to track the usage status.

  Hereinafter, preferred embodiments of an information leakage suppression apparatus, an information leakage suppression program, an information leakage suppression recording medium, and an information leakage suppression system according to the present invention will be described with reference to the drawings.

[First embodiment]
First, the structure of 1st embodiment of this invention is demonstrated with reference to FIGS. FIG. 1 is a block diagram showing the configuration of the information leakage suppression system according to the first embodiment of the present invention. FIG. 2 is a block diagram showing the configuration of the USB memory in the system. FIGS. 3 to 5 are block diagrams showing the configuration of the client machine in the system, and show the states when they are in the company and online, outside and online, and outside and offline, respectively. FIG. 6 is a block diagram showing the configuration of the server machine in the system.

  As shown in FIG. 1, the information leakage suppression system of this embodiment includes a USB memory 10, a client machine 20 (internal, online), a client machine 30 (external, online), a client machine 40 (external, offline), and a server machine. 50 and a communication line 60. In FIG. 1, the client machine 40 is not connected to the communication line 60, but this is an example simply showing that the client machine 40 is not connected to the server machine 50. In the following description, the client machine 40 As long as 40 does not connect to the server machine 50, the client machine 40 may be connected to a communication line 60 such as the Internet.

[USB memory 10]
The USB memory 10 is a recording medium having a biometric authentication function. As the USB memory 10, a general-purpose memory can be used, but functions as an information leakage suppression recording medium by storing an information leakage suppression program as described below.
As shown in FIG. 2, the USB memory 10 includes an authentication information recording unit 11, an information leakage prevention program recording unit 12, a biometric authentication unit 13, an encryption processing A unit 14, a USB memory authentication history recording unit 15, and a file access history recording. And a file (encryption-processed A) recording unit 17.

The authentication information recording unit 11 records authentication information and the like for determining whether or not the information leakage suppression device makes the USB memory 10 usable when the USB memory 10 is connected to the information leakage suppression device.
As such authentication information, the authentication information recording unit 11 has a device ID 11a, biometric authentication information 11b, the longest offline time 11c, the latest online time 11d, and the offline possible time 11e.

The device ID 11 a is information for identifying the USB memory 10. Based on the device ID 11a, the information leakage prevention apparatus can use only the USB memory 10 having the specific device ID 11a.
The biometric authentication information 11b is information such as user fingerprint information and identification information for specifying the biometric authentication information. As will be described later, the USB memory 10 according to the present embodiment can determine whether or not to permit use of the USB memory 10 by the information leakage suppression device using the biometric authentication information 11b. Yes.

  The longest offline time 11c is information that defines the longest time to use the USB memory 10 connected to an offline computer. Further, the latest offline time 11d is the latest authentication completion time written in the USB memory 10 by the information leakage suppression device as the time when the information leakage suppression device was online. Further, the offline available time 11e is information indicating the remaining time during which the USB memory 10 can be used offline.

The information leakage suppression program recording unit 12 stores an information leakage suppression program. This information leakage prevention program can be recorded in the information leakage prevention program recording unit 12 by connecting the USB memory 10 to the client machine 20 and downloading it from the server machine 50.
Further, as described above, the Windows (registered trademark) OS has a function of executing a predetermined file (not shown) in the USB memory when the USB memory is connected to the computer.
In the present embodiment, when storing the information leakage prevention program in the information leakage prevention program recording unit 12, an automatic operation for setting the information leakage prevention program in an activated state on the computer connected to the USB memory 10 in the predetermined file. Stores the installation program.

Based on the automatic installation program, the CPU of the computer connected to the USB memory 10 determines whether or not the information leakage prevention program is being executed in the computer. If the information leakage prevention program is being executed, the process is terminated as it is.
When the information leakage prevention program is not executed, it is determined whether or not the information leakage prevention program exists in the computer. And when it exists, the information leakage suppression program is started. On the other hand, if it does not exist, the information leakage prevention program stored in the information leakage prevention program recording unit 12 is copied to the computer, and the copied information leakage prevention program is started.

The biometric authentication unit 13 inputs biometric authentication information and determines whether the biometric authentication information is registered as biometric authentication information 11 b in the authentication information 11. If registered, the biometric authentication unit 13 can use the USB memory 10. That is, it is possible to access information in the USB memory 10 by a computer to which the USB memory 10 is connected.
On the other hand, if it is not registered, the biometric authentication unit 13 disables the USB memory 10. The method for disabling the use is not particularly limited. For example, a method of prohibiting access to information in the USB memory 10 by a computer connected to the USB memory 10 can be used.
The same applies to other authentication methods according to the present invention as to how the USB memory 10 can be used.

As this biometric authentication means 13, what is equipped with the conventionally well-known USB memory with a fingerprint authentication function can be used.
Note that the biometric authentication information used as authentication information in the information leakage suppression recording medium of the present invention is not limited to fingerprint information, and uses voice information, iris information, and other various biometric information that can be used for biometric authentication. Is possible.
The USB memory 10 of the present embodiment assumes that fingerprint information is used as biometric authentication information. However, when using voice information, a recording medium to which a voice input device such as a mobile phone can be connected is used. The present invention can also be used as an information leakage suppression recording medium of the present invention, and other various input devices according to the type of biometric authentication information to be input may be connected to the recording medium.

When the file is written in the USB memory 10, the encryption processing A means 14 encrypts the file and records it in the file 17. In the present invention, a separate encryption process is also performed. Therefore, the encryption process by the USB memory 10 is referred to as an encryption process A in order to distinguish it from this separate encryption process.
In addition, when the file recorded in the file 17 is read by a computer connected to the USB memory 10 or copied to the computer, the encryption processing A means 14 decrypts the file. As described above, the USB memory 10 can be used only when various authentications (device authentication, biometric authentication, and offline time authentication) for using the USB memory 10 are successful. Therefore, the above encryption and decryption are performed after the authentication for using the USB memory 10 is completed, and are not inappropriately performed by a third party operation.
As such an encryption processing A means 14 in the present embodiment, those provided in a conventionally known USB memory with a fingerprint authentication function can be used.

  The USB memory authentication history recording unit 15 stores a log for recording a history of authentication processing and the like performed on the USB memory. The log record items recorded in the USB memory authentication history recording unit 15 include, for example, access time, access contents (authentication, addition / deletion of biometric authentication information), access results (success, failure, prohibited because it is prohibited) , Interruption), computer name (and / or computer ID), USB memory device ID, authenticated user ID, logged-in user ID (login ID), and the like.

  The file access history recording unit 16 stores a log for recording an access history for a file recorded in the USB memory 10. The log record items recorded in the file access history recording unit 16 include, for example, access time, accessed file name, access contents (creation, write, read, delete, rename), computer name (and / or computer) ID), the device ID of the USB memory, the user ID of the authenticated person, the name of the process that performed the operation (for example, Excel.exe), the login name that is logged in, and the like.

The file (encrypted processing A finished) recording unit 17 stores a file created in the USB memory 10 by a computer to which the USB memory 10 is connected.
The file stored in the file recording unit 17 is encrypted and stored by the encryption processing A means 14.
Then, as described above, the encryption-processed file stored in the file recording unit 17 is decrypted and read by the encryption-processing A means 14.

[Client machine 20 (in-house, online)]
The client machine 20 is a computer used in a company that uses the information leakage suppression system of the present invention, and functions as an information leakage suppression device by installing and starting the information leakage suppression program of the present invention.
In the present embodiment, the client machine 20 is used in an online environment and is connected to the server machine 50 via the communication line 60.

As shown in FIG. 3, the client machine 20 includes information leakage prevention means 21 and recording means 22.
The information leakage suppression unit 21 includes a server connection unit 21a, a device authentication unit 21b, a user authentication unit 21c, an offline time authentication unit 21d, a log recording unit 21e, a log transmission unit 21f, a log deletion unit 21g, an encryption unit 21h, and a decryption unit. There is provided a converting means 21i. The recording unit 22 stores an information leakage prevention program 22a, an application program 22b, and a file (not encrypted) 22c.
Although the client machine 20 includes other input means, display means, and the like, these are omitted because they are not essential components of the present invention. The same applies to the client machines 30 and 40 and the server machine 50.

When the information leakage prevention program 22a stored in the recording unit 22 is activated, this program is expanded on the memory of the client machine 20 and executed by the CPU of the client machine 20.
Each means in the information leakage prevention means 21 is configured by the memory and CPU in the client machine 20 by executing the information leakage prevention program 22a in this way.

The server connection unit 21 a connects the client machine 20 to the server machine 50 via the communication line 60.
When the USB memory 10 is connected to the client machine 20 and the biometric authentication is successful, the device authentication unit 21b connects the client machine 20 and the server machine 50 by the server connection unit 21a. And confirms whether or not this device ID 11a is registered as an ID of the usable USB memory 10 in the server machine 50.
If registered, the device authentication means 21b makes the USB memory 10 usable. On the other hand, if it is not registered, the USB memory 10 is disabled.

The user authentication unit 21 c performs authentication to determine whether the user can use the USB memory 10 based on the authentication information obtained as a result of biometric authentication in the USB memory 10.
At this time, the user authentication means 21c inputs identification information for specifying the biometric authentication information from the USB memory 10, transmits this identification information to the server machine 50, and the user management information including this identification information is recorded in the recording means. It is confirmed whether or not it is registered as user management information 51b in 51. If it is not registered, the USB memory 10 is disabled.

In the server machine 50, identification information for specifying the biometric authentication information of the user who prohibits the use of the USB memory 10 is registered in advance, and the USB memory 10 can be used when it is not registered in this. It is also possible to disable use when registered.
The user authentication process by the user authentication unit 21c is preferably executed following the device authentication process by the device authentication unit 21b.

The offline time authentication unit 21d determines whether the USB memory 10 can be used offline.
The offline time authenticating unit 21 d stores the current date and time at the latest online time 11 d of the USB memory 10 when all the authentication processes are successful when the USB memory is connected during online.
The offline time authentication unit 21d executes offline time authentication processing using the latest online time when the computer connected to the USB memory 10 is offline, that is, when the server connection unit 21a is not connected to the server machine 50. . Since the client machine 20 is online, the processing by the offline time authentication unit 21d is not performed. The offline time authentication process will be described in detail in the description of the client machine 40 and the like described later.

The log recording unit 21 e records USB memory authentication history information and file access history information in the USB memory 10.
That is, when the biometric authentication process using the USB memory 10 is performed, the log recording unit 21e records the authentication history in the USB memory authentication history recording unit 15 in the USB memory 10. In addition, when biometric authentication information is added or deleted, the history is recorded in the USB memory authentication history recording unit 15. The structure of the history information record is as described above in the description of the USB memory 10.

Further, when there is an access to a file recorded in the file recording unit 17 in the USB memory 10, the log recording unit 21e records the history in the file access history recording unit 16. The configuration of the history information record is also as described above in the description of the USB memory 10.
Since the user ID can be recorded in the biometric authentication information 11b of the USB memory 10 in the initial setting of the client machine to be described later, the log recording means is not only online but also offline. Also, it is possible to record the history information including the user ID.
Of course, when online, the user ID included in the user management information 51b can be acquired from the server machine 50 using the identification information for specifying the biometric authentication information input from the USB memory 10 as a key. It can also be recorded by being included in the above history information.

When the history information is recorded in the USB memory authentication history recording unit 15 or the file access history recording unit 16 in the USB memory 10, the log transmission unit 21f transmits the history information to the server machine 50 as needed.
When the log transmission unit 21f successfully transmits the history information to the server machine 50, the log deletion unit 21g deletes the history information transmitted from the USB memory authentication history recording unit 15 or the file access history recording unit 16.
As described above, when a log is written to the USB memory 10, the written log is transmitted to the server machine 50. When the transmission is successful, the transmitted log is deleted from the USB memory 10. It is possible to effectively use the recording capacity.

Note that the log is recorded in the USB memory 10 only when the computer to which the USB memory 10 is connected is offline. When the computer is online, the log is not recorded in the USB memory 10 and the computer to which the USB memory 10 is connected is recorded. A configuration in which the log is directly transmitted to the server machine 50 is also possible.
However, in the present embodiment, history information related to operations in the USB memory 10 is stored in the USB memory 10 itself, and when it can be connected to the server machine 50, the history information is transmitted to the server machine 50. Regardless of the communication environment of the computer to which the USB memory 10 is connected, the operation history of the file recorded in the USB memory 10 can be stably recorded, and the history information can be managed and traced more reliably.

When the file 17 recorded in the USB memory 10 is copied to the computer to which the USB memory 10 is connected, the encryption unit 21h encrypts the file. Since this encryption process is separate from the encryption executed by the USB memory 10, this encryption process is referred to as an encryption process B in this embodiment.
Note that the processing content itself of the encryption processing B is not the subject of the present invention, and any conventionally known processing may be used as appropriate.

The encryption processing by the encryption means 21h can be performed by determining whether to execute it for each computer to which the USB memory 10 is connected.
That is, when the computer and the server machine 50 are connected by the server connection unit 21a, the encryption unit 21h is the computer whose identification information is not required to perform the encryption process B in the server machine 50. Check if it is registered as a thing.
If registered, the encryption unit 21h does not execute the encryption process B when copying the file 17 recorded in the USB memory 10 to the computer to which the USB memory 10 is connected.
As a result, when the file is copied from the USB memory 10 to the client machine 20 used in the company, it is possible not to execute the encryption process by the encryption unit 21h.

On the other hand, if the identification information of the computer is not registered in the server machine 50 as a computer that does not need to perform the encryption process B, the encryption unit 21h stores the file 17 recorded in the USB memory 10. When copying to the computer to which the USB memory 10 is connected, the encryption process B is executed.
When the computer and the server machine 50 are not connected by the server connection unit 21a, the encryption unit 21h copies the file 17 recorded in the USB memory 10 to the computer to which the USB memory 10 is connected. At this time, the encryption process B is executed.

In the present embodiment, the client machine 20 is an in-house online terminal, and when a file recorded in the USB memory 10 is copied to the client machine 20, it is not necessary to encrypt the file.
Therefore, the identification information of the client machine 20 is registered in the server machine 50 as not requiring the encryption process B, and the encryption process by the encryption unit 21h is not performed.

The decryption means 21i decrypts the file under a certain condition when using the file that has been subjected to the encryption process B by the encryption means 21h and copied on the computer.
As this condition, it is possible to use that the USB memory 10 is connected to the computer and that the biometric authentication process is successful when the USB memory 10 is used.
Since the file 22c in the client machine 20 is not encrypted, the file 22c is not decrypted by the decryption means 21i.

The recording means 22 is a recording device in the client machine 20 and can be constituted by, for example, a hard disk or various memories.
As shown in FIG. 3, the recording unit 22 stores an information leakage suppression program 22a, an application program 22b, and a file 22c.

The information leakage suppression program 22a can be downloaded from the server machine 50 and recorded in the recording unit 22 in the client machine 20 or the like.
Further, by connecting the USB memory 10 storing the information leakage prevention program 22 a to the client machine 20, the information leakage prevention program 22 a can be copied from the USB memory 10.

The application program 22b is a program that uses the file 22c.
By executing the application program 22b, various operations such as reading and writing on the file 22c are performed by the memory developed by the application program 22b and the CPU of the client machine 20.

[Client machine 30 (external, online)]
The client machine 30 is a computer outside the company, and functions as an information leakage suppression device by installing and starting the information leakage suppression program of the present invention.
In the present embodiment, the client machine 30 is used in an online environment and is connected to the server machine 50 via the communication line 60.

  As shown in FIG. 4, the client machine 30 includes an information leakage prevention unit 31 and a recording unit 32. The information leakage prevention unit 31 includes a server connection unit 31a, a device authentication unit 31b, a user authentication unit 31c, An offline time authentication unit 31d, a log recording unit 31e, a log transmission unit 31f, a log deletion unit 31g, an encryption unit 31h, and a decryption unit 31i are provided. In addition, the recording unit 32 stores an information leakage suppression program 32a, an application program 32b, and a file (encrypted processing B finished) 32c.

The functions of the client machine 30 of this embodiment are the same as those of the client machine 20, but since these are used in different environments, whether or not various functions can be executed and their execution contents are different.
That is, since the client machine 30 is a computer outside the company, the identification information of the computer is not registered as not performing the encryption process B in the server machine 50.
Therefore, when copying the file 17 recorded in the USB memory 10 to the client machine 30, the encryption unit 31h executes the encryption process B on the file.
For this reason, the file 32c in the recording means 32 has already been encrypted.

Further, when there is an access to the encrypted file 32c, the decrypting means 31i determines whether or not a certain condition is satisfied, and if it is satisfied, the file subjected to the encryption process B is determined. Is decrypted.
For example, when the file 32c is accessed by executing the application program 32b, the decryption unit 31i connects the USB memory 10 to the client machine 30 and succeeds in biometric authentication when using the USB memory 10. Determine whether or not.

  If these conditions are satisfied, the decryption means 31i decrypts the file 32c and returns it in response to the request by the execution of the application program 32b. On the other hand, when the condition is not satisfied, the decoding unit 31i does not perform decoding.

As described above, when a file is copied from the USB memory 10 that is the information leakage suppression recording medium of the present invention to the client machine 30 that is an external computer, the client machine 30 functions as an information leakage suppression device, The data is copied on the client machine 30 after being subjected to the encryption process B.
The file thus encrypted and copied on the client machine 30 cannot be decrypted and used unless the USB memory 10 is connected to the client machine 30 and biometric authentication is successful.

  As described above, according to the information leakage prevention apparatus, the information leakage prevention program, and the information leakage prevention recording medium of the present invention, a file is recorded from the client machine 20 in the company to the USB memory 10, and the USB memory 10 is outside the company. Even if the recorded file is copied to the client machine 30 by being taken out and connected to the client machine 30 at home, the user who can authenticate the USB memory 10 connects the USB memory 10. Unless the client machine 30 is operated, the file cannot be decrypted and referred to, and information leakage can be appropriately suppressed.

  Other points regarding the client machine 30 are basically the same as those of the client machine 20.

[Client machine 40 (external, offline)]
Similarly to the client machine 30, the client machine 40 is a computer outside the company and functions as an information leakage suppression device by installing and starting the information leakage suppression program of the present invention. Is not connected to the server machine 50.

As shown in FIG. 5, the client machine 40 includes an information leakage suppression unit 41 and a recording unit 42. The information leakage suppression unit 41 includes a server connection unit 41a, a device authentication unit 41b, a user authentication unit 41c, An offline time authentication unit 41d, a log recording unit 41e, a log transmission unit 41f, a log deletion unit 41g, an encryption unit 41h, and a decryption unit 41i are provided. The recording means 42 stores an information leakage suppression program 42a, an application program 42b, and a file (encrypted B).
The functions of the client machine 40 of this embodiment are the same as those of the client machine 20, but since these are used in different environments, whether or not various functions can be executed and their execution contents are different.

That is, the server connection means 41a has a function of connecting to the server machine 50 via the communication line 60. However, since the client machine 40 is used in an offline environment, the server connection means 41a Cannot connect to machine 50
The device authentication unit 41b includes a device ID authentication function as in the device authentication unit 21b. However, since the client machine 40 is used in an offline environment, the processing by this unit is not executed.
The user authentication unit 41c has a function of authenticating whether or not the user is prohibited from using the USB memory 10. However, since the client machine 40 is used in an offline environment, the processing by this unit is executed. Not.

The offline time authenticating means 41d determines whether or not the time for using the USB memory 10 as offline exceeds the longest offline time as the maximum time allowed to use the USB memory 10 as offline. If it is, the USB memory 10 is disabled.
Specifically, the offline time authenticating means 41d executes the authentication process by the following two methods.

(1) When the client machine 40 is not connected to the server machine 50 but can be connected to the Internet The offline time authentication means 41d acquires the value of the time server published on the Internet via the communication line 60, The difference between this value and the most recent online time in the USB memory 10 is calculated, and it is determined whether or not this difference exceeds the longest offline time. Is disabled.

(2) When the client machine 40 cannot connect to the outside at all, the offline time authenticating means 41d subtracts the certain time from the offline possible time 11e stored in the USB memory 10 every time a certain time elapses. When the offline possible time 11e becomes 0, the USB memory 10 is disabled.

The functions of the log recording unit 41e, the log transmission unit 41f, and the log deletion unit 41g are the same as the functions of the log recording unit 21e, the log transmission unit 21f, and the log deletion unit 21g in the client machine 20, respectively.
However, since the client machine 40 is offline, processing by the log transmission unit 41f and the log deletion unit 41g is not executed.

Since the client machine 40 is offline, there is a possibility that a log exceeding the recording capacity of the USB memory 10 may occur when there are very many file accesses. In such a case, if file access is permitted, appropriate log tracking cannot be performed, and the log recording unit 41e executes the following process.
That is, when a log is recorded in the USB memory authentication history recording unit 15 or the file access history recording unit 16 of the USB memory 10 and the recording capacity of the USB memory 10 becomes less than a certain level, the log recording unit 41e For example, a message such as “Prohibit access because log cannot be recorded if accessed further” is displayed on 40 display means.

When the next file access is attempted, the log recording means 41e or the like displays a message such as “Access to the log is prohibited because the log cannot be recorded. Please send the log online to the server”. Display, and prohibit access to the file 17 in the USB memory 10.
As a result, even when the USB memory 10 is connected to an off-line computer, all file access histories can be reliably recorded in the USB memory 10.

The functions of the encryption unit 41h and the decryption unit 41i are the same as the functions of the encryption unit 31h and the decryption unit 31i in the client machine 30, respectively.
Further, the function of the recording unit 42 is the same as the function of the recording unit 32 in the client machine 30 described above, and the information held therein is the same as that of the recording unit 32.

In order to use the USB memory 10 in the offline client machine 40, after connecting the USB memory 10 to the client machine 20 which is an in-house online terminal in advance and performing a certain offline permission registration in the server machine 50, It is also preferable to make the USB memory 10 usable in the client machine 40.
The processing related to offline permission registration can be performed, for example, as follows by offline permission registration means (not shown) in the client machine 20 (generated by executing the information leakage suppression program).

First, the offline permission registration unit causes the biometric authentication unit 13 in the USB memory 10 to perform biometric authentication. If biometric authentication fails, the process is terminated and offline use is not permitted.
Next, when biometric authentication is successful, the off-line permission registration means inputs identification information for specifying biometric information from the USB memory 10 and transmits it to the server machine 50 together with the device ID of the USB memory 10, The server machine 50 receives the longest offline time 51c corresponding to the device ID and the user ID corresponding to the identification information for specifying the biological information.

The offline permission registration means records the received longest offline time 51c in the longest offline time 11c in the USB memory 10 and records the user ID in the biometric information 11b.
Thereafter, when the USB memory 10 is used connected to the client machine 40, the USB memory 10 can be used offline only for the longest offline time 11c recorded in the USB memory 10 by the offline permission registration means. . In the server machine 50, if the longest offline time 51c is registered as 0, offline use can be prohibited.

For the mechanism for prohibiting offline use when the biometric authentication fails, various methods can be used. For example, by setting the initial value of the longest offline time 11c in the USB memory 10 to 0, offline permission registration is performed. As long as the effective longest offline time is not recorded by the means, it is possible to prevent the USB memory 10 from being used offline.
If the initial value of the longest offline time 11c in the USB memory 10 is not set to 0, when biometric authentication fails, the longest offline time 11c in the USB memory 10 is updated to 0 by the offline permission registration unit. Offline use can also be prohibited.
By requiring such offline permission registration for offline use, the server machine 50 can grasp that the USB memory 10 is used offline.

[Server machine 50]
The server machine 50 manages information about the user of the USB memory 10 and records the authentication history of the USB memory 10 and the access history of the files recorded in the USB memory 10. Further, the information leakage prevention program is managed, and is transmitted to the client machine 20 in response to a request from the client machine 20.

  As shown in FIG. 6, the server machine 50 includes a recording unit 51. The recording unit 51 includes one or two or more user management information 51b, the longest offline time 51c, a USB memory authentication history 51d for each device ID 51a. And the file access history 51e and the information leakage prevention program 51f. The server machine 50 also includes a CPU, a memory, and other various means, which are omitted because they are not essential matters of the present invention.

The device ID 51 a is identification information of one or more USB memories 10 managed by the server machine 50.
The user management information 51b is information including identification information for specifying biometric authentication information, a user ID, a password, and the like.
The identification information for specifying the biometric authentication information is allocated one or more for each device ID so that the biometric authentication information for each user can be identified when the biometric authentication information itself is not directly registered in the server machine 50. Identification information such as a serial number.
For example, when the biometric information is fingerprint information and nine fingerprint information can be registered for each USB memory 10, serial numbers 1 to 9 can be used as the identification information.

The longest offline time 51c is the maximum time during which the USB memory 10 is allowed to be used offline.
The USB memory authentication history 51d and the file access history 51e hold the USB memory authentication history information and the file access history information transmitted from the client machine 20 or the client machine 30, respectively.

  The information leakage prevention program 51f is a program that causes a computer to execute the information leakage prevention processing of the present invention. The information leakage prevention program 51f is transmitted to the client machine 20 and executed on the client machine 20, thereby causing the information leakage prevention device to operate the client machine 20. To function as. Then, the data is stored in the USB memory 10 by the client machine 20 and copied and executed on the client machine 30 and the client machine 40 to which the USB memory 10 is connected. The client machine functions as an information leakage prevention device.

[Communication line 60]
As the communication line 60, any publicly known public line, commercial line, or dedicated line known in the art can be used. The client machine 20, the client machine 30, and the server machine 50 can be configured with the same or separate communication lines.
Further, the communication line 60 is a line that can be connected between the client machine 20, the client machine 30, and the server machine 50 wirelessly or by wire. For example, a public line network, a private line network, an Internet line network, and an intranet It can be configured by a net.

[Processing procedure in information leakage prevention system]
Next, a processing procedure in the information leakage suppression system according to the present embodiment will be described with reference to FIGS. 7 and 8 are flowcharts showing an initial setting process procedure for the server machine and an initial setting process procedure for the client machine, respectively, in the system. FIG. 9 (FIGS. 9a and 9b), FIG. 10 (FIGS. 10a and 10b), and FIG. 11 (FIGS. 11a and 11b) are respectively a client machine (internal and online) and a client machine (external and online) in the same system. FIG. 5 is a flowchart showing a processing procedure when a USB memory is connected to a client machine (external, offline). FIG. 12 is a conceptual diagram of encryption processing and output prevention processing by the information leakage prevention program in the system.
Each process in the information leakage suppression system of this embodiment is executed in an event-driven manner. Therefore, although the processing procedure of this embodiment is illustrated in each drawing, the execution order of these processing can be changed suitably for every certain fixed process.

<Initial setting to the server machine 50>
First, an initial setting process procedure for the server machine 50 will be described with reference to FIG.
For each device ID that identifies the USB memory 10, the server machine 50 inputs user management information (user ID, password) of a user who is permitted to register biometric authentication information in the USB memory 10 and the longest offline time. Is stored in the recording means 51 (step 10).

<Initial setting to client machine 20>
Next, an initial setting process procedure for the client machine 20 will be described with reference to FIG.
The client machine 20 receives the information leakage prevention program from the server machine 50, stores it in the recording means 22 and installs it (step 20), and starts the installed information leakage prevention program (step 21).

The client machine 20 connects the USB memory 10 (step 22).
Next, the client machine 20 checks whether or not the input user management information (user ID, password) is registered in the recording means 51 of the server machine 50 (steps 23 and 24). In addition to inputting biometric authentication information to the USB memory 10, identification information for identifying biometric information, which is identification information such as a serial number assigned in association with the biometric information for each device ID, is stored in the USB memory. 10 (step 25).

Then, the client machine 20 associates the identification information for specifying the biometric authentication information with the user management information and transmits it to the server machine 50 and records it as the user management information etc. 51b in the recording means 51 (step 26). .
Further, the client machine 20 records biometric authentication information and the like (including identification information for specifying the biometric authentication information and a user ID), a device ID, a longest offline time, and an information leakage suppression program in the USB memory 10 (step) 27).

<Information leakage suppression processing when the USB memory 10 is connected to the client machine 20 (in-house, online)>
Next, with reference to FIG. 9 (FIGS. 9a and 9b), an information leakage suppression process procedure when the USB memory 10 is connected to the client machine 20 will be described.
When the USB memory 10 is connected to the client machine 20, the client machine 20 executes an information leakage suppression program existence confirmation process (step 30).
At this time, as described above in the description of the information leakage prevention program 12 of the USB memory 10, the client machine 20 confirms whether or not the information leakage prevention program is activated and exists in the client machine 20, If it does not exist and is not activated, it is activated, and if it does not exist, the information leakage prevention program 12 in the USB memory 10 is copied to the client machine 20 and activated.

Next, biometric information is input from the biometric authentication means of the USB memory 10 to the USB memory 10, and biometric authentication is executed by the biometric authentication means (steps 31 and 32).
For example, fingerprint authentication can be used as the biometric authentication, and the biometric authentication unit of the USB memory 10 determines whether the fingerprint information input from the fingerprint input unit matches the biometric authentication information in the USB memory 10. Then, biometric authentication is executed. Conventionally known methods can be used for such fingerprint authentication.

When the client machine 20 inputs information indicating that biometric authentication has been successful from the USB memory 10, the client machine 20 is then connected to the server machine 50 by the server connection means 21a (step 33).
Then, the device authentication unit 21b of the client machine 20 inputs the device ID from the USB memory 10 and authenticates whether it is registered in the recording unit 51 of the server machine 50 (steps 34 and 35). If the device ID of the USB memory 10 is not registered in the server machine 50 and the authentication is not successful, the client machine 20 disables the USB memory 10.

Next, the client machine 20 performs user authentication (steps 36 and 37). At this time, the user authentication means 21c of the client machine 20 inputs identification information for specifying the biometric authentication information that has been successfully authenticated from the USB memory 10, and transmits the identification information together with the device ID to the server machine 50. In 50, it is confirmed whether or not the identification information is registered as that of the user who is the subject of prohibition of use of the USB memory 10.
If it is registered as a use prohibition target, the USB memory 10 is disabled.

If the above authentication processing is successful, the offline time authentication means 21d of the client machine 20 stores the current date and time at the latest online time 11d in the USB memory 10 (step 38). The latest online time 11d is used to limit the usage time within the longest offline time when offline.
Further, the log recording unit 21e of the client machine 20 records the authentication history information of the USB memory 10 in the USB memory authentication history recording unit 15 of the USB memory 10 (step 39). As described above, this authentication history holds information such as access time, access contents, and access results.

Then, the log transmission unit 21f of the client machine 20 transmits the authentication history information of the USB memory 10 to the server machine 50 (step 40), and the log deletion unit 21g of the client machine 20 transmits the transmitted authentication history information to the USB memory 10 (Step 41).
On the other hand, the server machine 50 records the received authentication history information in the USB memory authentication history 51d. As a result, the USB memory authentication history can be managed on the server machine 50 side. Thereafter, when the authentication history information is received by the server machine 50, the recording is performed in the same manner.

Next, a case where a file stored in the client machine 20 is copied to the USB memory 10 will be described. Note that the processing related to file duplication in the present embodiment can be similarly applied to the case of moving the file.
When the client machine 20 starts copying the file 22c to the USB memory 10 (step 42), the encryption processing A means 14 of the USB memory 10 performs encryption processing A on the file and encrypts the file. 17 (step 43). As described above, performing the encryption process A when copying a file to the USB memory 10 is a known technique. In the present invention, a known technique can be used for the encryption process A.

Next, the log recording unit 21e of the client machine 20 records file access history information in the USB memory authentication history recording unit 15 in the USB memory 10 (step 44). As described above, the history information includes the access time, the name of the accessed file, the access content, and the like.
Next, the log transmission unit 21f of the client machine 20 transmits the file access history information of the USB memory 10 to the server machine 50 (step 45), and the log deletion unit 21g of the client machine 20 displays the transmitted file access history information. Delete from the USB memory 10 (step 46).
On the other hand, the server machine 50 records the received file access history information in the file access history 51e. As a result, the file access history can be managed on the server machine 50 side. Thereafter, when the file access history information is received by the server machine 50, the recording is performed in the same manner.

<Information Leakage Suppression Processing when USB Memory 10 is Connected to Client Machine 30 (External, Online)>
Next, with reference to FIG. 10 (FIGS. 10a and 10b), an information leakage suppression processing procedure when the USB memory 10 is connected to the client machine 30 will be described.
When the USB memory 10 is connected to the client machine 30, the client machine 30 executes an information leakage prevention program existence confirmation process in the same manner as in step 30 of FIG. 9A (step 60). At this time, if the information leakage prevention program does not exist in the client machine 30, the client machine 30 copies the information leakage prevention program 12 in the USB memory 10 to the client machine 30 itself and stores it in the recording means 32 as the information leakage prevention program 32a. In addition to storing, the information leakage prevention program is started.

Next, the operations (step 61 to step 71) from the biometric authentication process to the deletion of the authentication history information from the USB memory 10 are the same as the operations related to the client machine 20 shown in FIGS. 9a and 9b (steps 31 to 41). It is the same.
In step 63, the IP address of the client machine 30 is transmitted to the server machine 50. Further, the MAC address or the like of the client machine 30 can be transmitted to the server machine 50. Therefore, on the server machine 50 side, it is possible to specify a client machine 30 outside the company where the USB memory 10 is used.

Next, a case where a file stored in the USB memory 10 (encrypted processing A) is copied to the client machine 30 will be described.
When copying of the encrypted file 17 of the USB memory 10 to the client machine 30 is started (step 72), the encryption processing A means 14 of the USB memory 10 decrypts the file 17. Next, the encryption unit 31h of the client machine 30 performs the encryption process B on the decrypted file, and then copies it to the recording unit 32 as a file (encryption process B completed) 32c (step 73).
As described above, according to the present invention, when the file is copied from the USB memory 10 to the client machine 30 which is a computer outside the company, the encryption process can be performed.

  If the USB memory 10 is connected to the client machine 30 and the biometric authentication is successful, the encrypted file can be decrypted and referenced by the decrypting means 31i. Therefore, in this case, when the file 32c is accessed based on the execution of the application program 32b in the client machine 30, the file 32 is decrypted by the decrypting means 31i, and the client machine 30 executing the application program 32b. Passed to the CPU. For this reason, when executing the application program 32b, the file 32c does not appear to be encrypted.

On the other hand, after the USB memory 10 is removed from the client machine 30, the decryption means 31i does not decrypt the file 32c unless the USB memory 10 is connected again and biometric authentication is successful. Therefore, in this case, even if the file 32c is accessed based on the execution of the application program 32b in the client machine 30, the file 32c remains encrypted, and the user cannot use the file.
Therefore, according to the present invention, the user records certain information from the in-house computer in the USB memory 10, copies it to a personal computer at home, and then forgets to delete the copied information. Even in such a case, since it is necessary to succeed in biometric authentication after connecting the USB memory 10 to the client machine 30 in order to refer to the information, it is not possible for a third party to use the information taken out. Can not.

  Next, the log recording unit 31e of the client machine 30 records file access history information in the file access history recording unit 16 of the USB memory 10 (step 74), and the log transmission unit 31f of the client machine 30 stores the history information. The log deletion means 31g of the client machine 30 deletes the history information from the file access history recording unit 16 of the USB memory 10 (step 76).

<Information leakage suppression processing when the USB memory 10 is connected to the client machine 40 (external, offline)>
Next, with reference to FIG. 11 (FIGS. 11a and 11b), an information leakage suppression processing procedure when the USB memory 10 is connected to the client machine 40 will be described.
When the USB memory 10 is connected to the client machine 40, the client machine 40 executes the presence check process of the information leakage prevention program in the same manner as in step 30 of FIG. 9a (step 80). At this time, if the information leakage prevention program does not exist in the client machine 40, the client machine 40 copies the information leakage prevention program 12 in the USB memory 10 to the client machine 40 itself and stores it in the recording means 42 as the information leakage prevention program 42a. In addition to storing, the information leakage prevention program is started.

Next, the operation (steps 81 and 82) of the biometric authentication process is the same as the operation (steps 31 and 32) related to the client machine 20 shown in FIG. 9a.
Next, the server connection unit 41a of the client machine 40 attempts to access the server machine 50, but the client machine 40 will not be connected to the server machine 50, and the connection by the server connection unit 41a is not successful ( Step 83). Note that it is also possible to manually stop the function of the server connection means 41a and set it to an offline state so that offline processing is executed thereafter without performing the processing of that step.

Since the server connection unit 41a does not access the server machine 50, the offline time authentication unit 41d of the client machine 40 performs the offline time authentication process by one of the two methods described above with reference to FIG. Is executed (steps 84 and 85).
If the offline time exceeds the longest offline time, the USB memory 10 is disabled. In this case, the USB memory 10 can only be used online.

When the offline time does not exceed the maximum offline time, the offline authentication process is completed.
Next, the log recording unit 41e of the client machine 40 records the authentication history information of the USB memory 10 in the USB memory authentication history recording unit 15 of the USB memory 10 (step 86). However, in the case of the client machine 40, unlike the case of the client machine 20 and the client machine 30, the client machine 40 is offline, so the log transmission means 41f of the client machine 40 does not transmit the authentication history information to the server machine 50, and the client machine 40 The authentication history information is not deleted by the log deleting means 41g of the machine 40.

Next, when file access such as reading or writing is performed on the file (encrypted B) 42c stored in the USB memory 10 (step 87), the log recording unit 41e of the client machine 40 The file access history information is recorded in the file access history recording unit 16 of the USB memory 10 (step 88).
Also in this case, since the client machine 40 is offline, the file access history information is not transmitted to or deleted from the server machine 50 as in the case of the authentication history information, and the history information is stored in the USB memory 10. The

The history information stored in the USB memory 10 in this way can be transmitted to the server machine 50 as soon as the USB memory 10 is connected to an online computer and all authentications are successful.
For example, when the history information is accumulated in the USB memory 10 and the USB memory 10 is connected to the client machine 30, the history information is stored in the server by the log transmission unit 31f immediately after step 67 shown in FIG. The data can be transmitted to the machine 50 and can be deleted from the USB memory authentication history recording unit 15 and / or the file access history recording unit 16 of the USB memory 10 by the log deletion unit 31g.

  Next, when the file stored in the USB memory 10 is copied to the client machine 40, the encryption process is performed by the encryption unit 41h of the client machine 40 in the same manner as in Steps 72 to 74 in FIG. B is performed and copied, and file access history information is stored (steps 89 to 91). However, in this case as well, history information is transmitted to the server machine 50 and deleted from the USB memory 10 without being stored, and then the USB memory 10 is connected to an online computer and all authentication is successful. In addition, these transmission and deletion processes are executed.

When the file (encrypted B) 42c saved in the recording unit 42 of the client machine 40 is accessed by the CPU of the client machine 40 based on the execution of the application program, the decrypting unit 41i of the client machine 40 The file 42c is decrypted and transferred to the CPU of the client machine 40 (step 92).
Thus, when executing the application program, the file 42c appears not to be encrypted.

  When the CPU of the client machine 40 based on the execution of the application program stores the file decrypted by the decryption means 41i with a different file name, the file is encrypted by the encryption means 41h of the client machine 40. Thereafter, it is stored in the hard disk of the client machine 40 (step 93).

When the USB memory 10 is removed from the client machine 40, the decryption means 41i of the client machine 40 does not execute the decryption process (step 94).
Accordingly, in this case, when the CPU of the client machine 40 is accessed based on the execution of the application program with respect to the file (encrypted B) 42c of the client machine 40, the file 42c of the client machine 40 is decrypted. No decryption is performed. For this reason, the user cannot use the file 42c.

  As described above, each process in the information leakage suppression system of the present invention is performed according to the occurrence of an event, and is not necessarily limited to the procedure shown in the flowchart. For example, steps 87 to 88, step 89 to step 91, step 92, step 93, and step 94 in FIGS. 11a and 11b can be executed in any order.

Next, the encryption unit based on the information leakage prevention program described with reference to FIG. 11B and the output blocking process will be described with reference to FIG. Note that “program” in FIG. 12 indicates the CPU and memory of the client machine 40 that performs processing defined in the program by executing the program.
A file copied from the USB memory 10 to the hard disk of the client machine 40 is encrypted and stored as shown in the hard disk of FIG.

When the information leakage prevention program is executed in the client machine 40 and the USB memory 10 is connected to the client machine 40 and all the authentication processes are successful, the application program converts the encrypted file to an encrypted file. Is accessed, the file is decrypted by the decrypting means 41i generated in the client machine 40 by the execution of the information leakage prevention program.
For this reason, in the process based on the application program, the encrypted file in the hard disk is decrypted and used.

In addition, even if an attempt is made to save the decrypted file with a different file name by processing based on the application program, the file is encrypted by the encryption means 41h generated in the client machine 40 by executing the information leakage prevention program. Is done.
Therefore, a decrypted file corresponding to the encrypted file stored on the hard disk cannot be created separately.

Further, when the application program is executed, even if the file decrypted by the decrypting means 41 i is to be printed by the printer, the printing cannot be executed by a print restricting means (not shown) in the client machine 40.
Similarly, even if an attempt is made to output a decrypted file to a network card or a certain display device, these processes can be disabled by the print restriction unit.

[Second Embodiment]
Next, the structure of 2nd embodiment of this invention is demonstrated with reference to FIG.13 and FIG.14. FIG. 13 is a block diagram showing a configuration of a client machine (in-house, online) in the information leakage prevention system according to the second embodiment of this invention. FIG. 14 is a block diagram showing a configuration of a server machine in the information leakage suppression system.
In addition to the configuration of the first embodiment, the information leakage suppression system of the present embodiment is capable of automatically acquiring administrator authority when the client machine 20 executes processing that requires administrator authority. Different from the first embodiment. Other configurations are the same as those in the first embodiment.

  That is, as shown in FIG. 13, the client machine 20 in the present embodiment includes an administrator authority information acquisition unit 21j, a determination unit 21k, an administrator authority information required program execution unit 21l, an administrator in addition to the configuration in the first embodiment. A program 22d requiring authority is provided. These means are also configured by the CPU and the memory in the client machine 20 by executing the information leakage prevention program of the present embodiment in the client machine 20.

The administrator authority information acquisition unit 21 j receives administrator authority information from the server machine 50.
Here, the OS defines the range of executable processes for each login ID. The administrator authority information in the present invention means authentication information including a login ID that is permitted by the OS to execute all types of processing and a password thereof.
The administrator means a person who can execute various processes by the OS (operating system) of the information leakage prevention apparatus without any special restriction.
Note that when the authority of the administrator is classified by a certain processing range by the OS, the administrator authority information is permitted by the OS to execute all types of processing within the divided ranges. It means authentication information, and an administrator means a person who can execute various processes within the scope without any special restriction.

The determination unit 21k determines whether or not the administrator information from the server machine 50 has been successfully received. Then, if successful, the received administrator authority information is output to the administrator authority information required program execution means 21l.
When the reception of the administrator information has failed, the determination unit 21k displays a manual input screen for administrator information on the display of the client machine 20 and enables the input. The inputted administrator authority information is output to the administrator authority information required program execution means 21l.

The administrator authority information required program execution means 21l uses the entered administrator authority information to log in to the OS again and tries to start the program 22d that requires the administrator authority.
Then, when the authentication process is performed based on the administrator authority and the program 22d is activated, various processes that require the administrator authority can be executed.

Further, as shown in FIG. 14, the server machine 50 includes administrator authority information 51g in addition to the configuration in the first embodiment.
This administrator authority information 51g is information on a login ID (user ID) and a password for permitting the OS to execute all types of processing as an administrator.

  Next, a processing procedure in the information leakage suppression system of this embodiment will be described with reference to FIGS. 15 and 16. FIG. 15 is a flowchart showing a processing procedure (setting of administrator authority information to the server machine) in the information leakage suppression system of this embodiment. FIG. 16 is a flowchart showing a processing procedure (automatic acquisition of administrator authority) in the system.

First, with reference to FIG. 15, a procedure for setting administrator authority information to the server will be described.
The server machine 50 stores the inputted administrator authority information (user ID, password) in the recording unit 51 as administrator authority information 51g (step 100).

Next, with reference to FIG. 16, a description will be given of a procedure for automatically acquiring administrator authority when executing processing that requires administrator authority.
First, when the client machine 20 executes a process that requires administrator authority, the administrator authority information acquisition unit 21j accesses the server machine 50 via the communication line 60 and stores the administrator stored in the recording unit 51. The authority information 51g is received (step 110).

The determination unit 21k of the client machine 20 determines whether or not the reception is successful (step 111). If the reception is successful, the received administrator authority information is sent to the administrator authority information required program execution unit 21l of the client machine 20. Output.
On the other hand, if the reception has failed, the determination unit 21k displays a manual input screen for administrator authority information on a display unit (not shown). When the administrator authority information is input by an input means (not shown), it is output to the administrator authority information necessary program executing means 21l (step 112).

Next, the administrator authority information necessary program execution means 21l uses the entered administrator authority information to log in to the OS again and tries to start the program 22d that requires the administrator authority (step 113).
When the program 22d requiring administrator authority can be started (step 114), the client machine 20 can execute various processes requiring administrator authority according to this program (step 115).

Note that not only the program 22d that requires administrator authority but also the processing that requires administrator authority is executed by executing the information leakage prevention program, the client machine 20 automatically assigns the administrator authority in the same manner. It is possible to obtain and perform the processing.
In addition, the automatic acquisition process of the administrator authority according to the present embodiment can be performed by the client machine 30.

As described above, according to the information leakage prevention system of this embodiment, when a user who does not have administrator authority connects the USB memory 10 to the client machine 20 or the like and performs various processes, the administrator authority is given. When a necessary program needs to be executed, the administrator authority information can be automatically acquired from the server machine 50 and the program can be executed.
For this reason, it is possible to eliminate giving the administrator authority to many users, and it is possible to reduce the work load of the person having the administrator authority.

It goes without saying that the present invention is not limited to the above embodiment, and that various modifications can be made within the scope of the present invention.
For example, instead of a USB memory, a log can be traced by using a recording medium of another standard and recording the log on the recording medium. In addition, when copying a file from the other recording medium to the computer, it is possible to appropriately change the information leakage prevention by performing an encryption process.

  An information leakage prevention apparatus, an information leakage prevention program, an information leakage prevention recording medium, and an information leakage prevention system according to the present invention store information stored in a computer on a recording medium such as a USB memory and use it on another computer. When used, it can be suitably used as one that can effectively prevent leakage of the information.

It is a block diagram which shows the structure of the information leakage suppression system of 1st embodiment of this invention. It is a block diagram which shows the structure of the USB memory in the information leakage suppression system of 1st embodiment of this invention. It is a block diagram which shows the structure of the client machine (in-house, online) in the information leakage suppression system of 1st embodiment of this invention. It is a block diagram which shows the structure of the client machine (external, online) in the information leakage suppression system of 1st embodiment of this invention. It is a block diagram which shows the structure of the client machine (external, offline) in the information leakage suppression system of 1st embodiment of this invention. It is a block diagram which shows the structure of the server machine in the information leakage suppression system of 1st embodiment of this invention. It is a flowchart which shows the process sequence (initial setting to a server machine) in the information leakage suppression system of 1st embodiment of this invention. It is a flowchart which shows the process sequence (initial setting to a client machine) in the information leakage suppression system of 1st embodiment of this invention. It is a flowchart which shows the process sequence (When a USB memory is connected to a client machine (in-house, online) (first half)) in the information leakage suppression system of 1st embodiment of this invention. It is a flowchart which shows the process sequence (when a USB memory is connected to a client machine (in-house, online) (second half)) in the information leakage suppression system of the first embodiment of the present invention. It is a flowchart which shows the process sequence (when a USB memory is connected to a client machine (external, online) (first half)) in the information leakage suppression system of the first embodiment of the present invention. It is a flowchart which shows the process sequence (When a USB memory is connected to a client machine (external, online) (second half)) in the information leakage suppression system of the first embodiment of the present invention. It is a flowchart which shows the process sequence (When a USB memory is connected to a client machine (external, offline) (first half)) in the information leakage suppression system of the first embodiment of the present invention. It is a flowchart which shows the process sequence (when a USB memory is connected to a client machine (external, offline) (second half)) in the information leakage suppression system of the first embodiment of the present invention. It is a conceptual diagram of the encryption process and output prevention process by the information leakage suppression program in the information leakage suppression system of 1st embodiment of this invention. It is a block diagram which shows the structure of the client machine (in-house, online) in the information leakage suppression system of 2nd embodiment of this invention. It is a block diagram which shows the structure of the server machine in the information leakage suppression system of 2nd embodiment of this invention. It is a flowchart which shows the process sequence (setting of the administrator authority information to a server machine) in the information leakage suppression system of 2nd embodiment of this invention. It is a flowchart which shows the process sequence (automatic acquisition of an administrator authority) in the information leakage suppression system of 2nd embodiment of this invention.

Explanation of symbols

10 USB memory 11 Authentication information recording unit 11a Device ID
11b Biometric authentication information 11c Longest offline time 11d Latest online time 11e Offline available time 12 Information leakage suppression program recording unit 13 Biometric authentication unit 14 Encryption processing A unit 15 USB memory authentication history (log) recording unit 16 File access history (log) Recording unit 17 File (encryption processing A finished) Recording unit 20 Client machine (in-house, online)
21 Information leakage suppression means 21a Server connection means 21b Device authentication means 21c User authentication means 21d Offline time authentication means 21e Log recording means 21f Log transmission means 21g Log deletion means 21h Encryption means 21i Decryption means 21j Administrator authority information acquisition means 21k Judgment means 21l Administrator authority information required program execution means 22 Recording means 22a Information leakage prevention program 22b Application program 22c File (not encrypted)
22d Program that requires administrator authority 30 Client machine (external, online)
31 Information leakage prevention means 31a Server connection means 31b Device authentication means 31c User authentication means 31d Offline time authentication means 31e Log recording means 31f Log transmission means 31g Log deletion means 31h Encryption means 31i Decryption means 32 Recording means 32a Information leakage prevention program 32b application program 32c file (encrypted B)
40 client machines (external, offline)
41 Information leakage prevention means 41a Server connection means 41b Device authentication means 41c User authentication means 41d Offline time authentication means 41e Log recording means 41f Log transmission means 41g Log deletion means 41h Encryption means 41i Decryption means 42 Recording means 42a Information leakage prevention program 42b Application program 42c File (encrypted B)
50 Server machine 51 Recording means 51a Device ID
51b User management information 51c Maximum offline time 51d USB memory authentication history (log)
51e File access history (log)
51f Information leakage prevention program 51g Administrator authority information 60 Communication line

Claims (10)

An information leakage prevention program for causing a computer connected to a removable recording medium having a biometric authentication means for authenticating a user to prevent leakage of information recorded on the recording medium,
Stored in the recording medium,
When the recording medium is connected to the computer, it is confirmed whether or not the information leakage prevention program exists in the computer, and if it exists and is not activated, activates the information leakage prevention program, If not, the information leakage suppression program stored in the recording medium is started,
The computer,
Copying means for copying or moving information recorded on the recording medium and recording the information on a predetermined recording means in the computer,
When the information is recorded on the recording unit by the duplicating unit, the information is input from the duplicating unit and encrypted before the recording, and the encrypted information is recorded as information to be recorded on the recording unit. Encryption means for outputting to the duplication means; and
The information recorded in the recording means is received in response to a successful result of a user authentication process executed by the biometric authentication means provided in the recording medium with the recording medium connected to the computer. An information leakage prevention program for functioning as a decryption means that decrypts and does not decrypt the information when authentication fails. The computer,
A program execution means for performing authentication processing at the time of starting a predetermined program and executing the predetermined program by successfully performing the authentication processing only when authentication information of an administrator of the computer is input; and
When starting the predetermined program, the server device is accessed via a communication line, and functions as an administrator authority information acquisition unit that receives the administrator authentication information from the server device,
2. The information leakage suppression according to claim 1, wherein the program execution unit causes the authentication information of the administrator to be input from the administrator authority information acquisition unit to perform an authentication process to execute the predetermined program. program. The computer,
As a history of accesses made by the computer to the recording medium, information for tracking the user of the file to be accessed, at least the access time, the file name to be accessed, the content of the access, and the access Log recording means for writing the identification information of the computer, the identification information of the recording medium, and the identification information of the user specified by the biometric authentication means to the recording medium,
Log transmission means for reading the access history written in the recording medium by the log recording means from the recording medium and transmitting the history to a server device via a communication line; and
When the log transmission unit transmits the access history to the server device, the log transmission unit functions as a log deletion unit that deletes the transmitted access history from the recording medium,
When writing the access history to the recording medium by the log recording unit is performed when the computer is not connected to the server device,
The information leakage suppression program according to claim 1, for causing the log transmission unit to transmit the access history to the server device when the computer is connected to the server device.   4. The information leakage according to claim 3, wherein the content of the access is any one of creation of a new file, writing of information to the file, reading of information from the file, deletion of the file, or renaming of the file. Suppression program. In the log transmission means,
5. The information leakage prevention program according to claim 3 or 4, for causing the access history to be transmitted to the server device immediately after the access history is written to the recording medium by the log recording unit. . The computer,
When the computer is not connected to the server device, the longest offline time indicating the maximum time for which the computer is allowed to access the recording medium, and the latest time when the computer is connected to the server device. When the online time is read from the recording medium and the current time is obtained from a predetermined time server via a communication line, and the difference between the current time and the latest online time exceeds the longest offline time An information leakage suppression program according to any one of claims 1 to 5, which functions as an off-line time authentication means for prohibiting access by the computer to the recording medium. The computer,
When the computer is not connected to the server device, the offline time that indicates the remaining time during which the computer is allowed to access the recording medium is read from the recording medium. 6. The offline time authentication means for functioning as an offline time authentication means for prohibiting access by the computer to the recording medium when the fixed time is subtracted from the available time and the offline available time becomes zero. Information leakage prevention program described in Crab.   8. An information leakage suppression recording medium in which the information leakage suppression program according to claim 1 is recorded. An information leakage suppression apparatus for connecting a detachable recording medium provided with a biometric authentication means for authenticating a user and suppressing leakage of information recorded on the recording medium,
When the recording medium is connected to the information leakage prevention device, the information leakage prevention device checks whether a predetermined information leakage prevention program exists, and if the information leakage prevention device does not exist and is not activated, the information Start a leakage prevention program, and if it does not exist, start the information leakage prevention program stored in the recording medium, and generate a duplication unit, an encryption unit, and a decryption unit in the information leakage prevention device Program execution means for
Copying or moving the information recorded on the recording medium, and causing the predetermined recording means in the information leakage prevention apparatus to record the copying means;
When the information is recorded on the recording means by the duplicating means, before the recording, the information is input from the duplicating means and encrypted, and the encrypted information is recorded as information to be recorded on the recording means. The encryption means for outputting to the duplication means;
The information recorded in the recording means is received in response to a successful result of the user authentication process executed by the biometric authentication means provided in the recording medium with the recording medium connected to the computer. An information leakage suppression apparatus comprising: a decryption unit that decrypts and does not decrypt the information when authentication fails. An information leakage suppression system that suppresses leakage of information recorded on the recording medium by an information leakage suppression device connected to a detachable recording medium provided with a biometric authentication means for authenticating a user,
A detachable recording medium comprising the biometric authentication means;
When the recording medium is connected to the information leakage prevention device, the information leakage prevention device checks whether a predetermined information leakage prevention program exists, and if the information leakage prevention device does not exist and is not activated, the information Start a leakage prevention program, and if it does not exist, start the information leakage prevention program stored in the recording medium, and generate a duplication unit, an encryption unit, and a decryption unit in the information leakage prevention device The information is recorded on the recording means by the duplicating means for copying or moving the information recorded on the recording medium and recording the information on the predetermined recording means in the information leakage prevention apparatus. Before the recording, the information is input from the duplicating means and encrypted, and the encrypted information is recorded in the recording means. Said encryption means for outputting to the duplication unit as the information, and the recording medium in a state connected to the computer, which is performed by the biometric authentication means provided in the recording medium, the success of the authentication process of the user An information leakage suppression device including a decrypting unit that decrypts the information recorded in the recording unit in response to the result and that does not decrypt the information when authentication fails. Leakage suppression system.

Images