JP4450653B2 - Electronic information management system - Google Patents

Description

The present invention relates to electronic information management system for managing electronic information, and more particularly, an electronic information and maintaining the ease of access and can prevent unauthorized access to the shared information stored is digitized it relates to management systems.

  Recently, with the development of computers and networks, various information that has been stored as paper documents in the past has been digitized and used for information sharing and the like. In general, since an apparatus that stores electronic information used as shared information is connected to a network, it may be illegally accessed through the network. In addition, even if it is an access from a legitimate user, for example, it may be seen by a person standing behind because of inadvertent access such as in a train, etc. There is also a problem.

  In order to solve such a problem, in Patent Document 1, terminal data is registered, and access authority to information is set for each terminal. By adopting such a method, even data that can be printed at the office or home can be prevented from being printed from a terminal such as a convenience store. Further, in Patent Document 2, a user's location is detected using entry / exit management information, GPS, or the like, and is matched with the location information of a previously registered terminal, so that the user can access using that terminal. You are guaranteed. Furthermore, in Patent Document 3, the position of a device to which security is to be applied is detected, and the security level is changed depending on the position. By adopting this method, it is possible to prevent data stored in a notebook computer or the like from being seen on a train, or to prevent data from being leaked from a stolen notebook computer.

JP 2000-29845 A JP 2001-175601 A JP 2003-99400 A

  However, according to Patent Document 1, access from an inappropriate place can be prohibited by registering terminal data and setting access authority to information for each terminal. There is a problem that it is necessary to register, and even a user having a legitimate access right cannot access from a terminal that is not registered, so that the convenience of access to the shared information of the user having the legitimate access right is impaired. there were.

  According to Patent Document 2, although it can be ensured that a certain user is accessing the terminal at a specific location using a terminal, the terminal itself is movable and a wireless LAN is used. There is a problem that it cannot be applied when it is used, and there is a problem that it is necessary to re-register the location information of the terminal when the terminal is moved.

Furthermore, according to Patent Document 3, for example, data stored in a notebook computer or the like is prevented from being viewed in an inappropriate place such as in a train, or data is not leaked through a stolen notebook computer. However, there is a problem that it is not an effective solution for illegal access through a network.

The present invention has been made in view of the above, and prohibits access from an inappropriate place, prohibits unauthorized access via a network, and stores the shared information in an electronic form. and to provide an electronic information management system capable of maintaining the convenience of access to.

In order to solve the above-described problems and achieve the object, an electronic information management system according to claim 1 includes electronic information management means for managing electronic information, and a user for acquiring electronic information from the electronic information management apparatus. A terminal device, position information detecting means for detecting the position information of the user terminal device, and authenticating the position of the user terminal device from the position information detected by the position information detecting means to obtain an access right to the user terminal device. Changing the position authentication means, and the electronic information management means uses the position information detected by the position information detection means when a new file is registered from the user terminal apparatus. embeds the appropriate file to generate access restriction information for permitting access in response to said position, conductive make changes permissions In the information management system, the electronic information management means detects a plurality of user terminal devices existing in a specific area via the position information detection means, and permits access only to those user terminal devices. A shared folder generated for sharing a file between the user terminal devices is created . According to the present invention, the access right is set according to the installation location (position) of the user terminal device to be used, and the access can be restricted without the user being aware of it. Further, by providing a shared folder in which an access right is automatically set to a plurality of users (user terminal devices), information sharing at a meeting or the like is facilitated.

According to the electronic information management system according to the present invention, since the access right by the position of the user terminal device is changed to prohibit access from the wrong location, and to prohibit unauthorized access via the network At the same time, it is possible to maintain the convenience of access to the shared information stored in an electronic form.
In addition, access restriction information according to location is embedded in the file, so if the user terminal device is stolen or if the file (data) leaks out, it will not be seen, and higher security Can be realized.
In addition, since access restriction information based on the position is automatically embedded in the file, high security can be easily realized without the user being aware of it.
In addition, since the position is detected using a wireless tag, it can be used at low cost without worrying about power consumption.
In addition, the wireless tag can be embedded in a pillar or wall in the office, so that higher security can be realized.
Further, by providing a folder in which an access right is automatically set for a plurality of users (user terminal devices), information sharing at a meeting or the like is facilitated.
In addition, when registering a data file from a client, it is possible to encrypt the file after automatically adding access control information based on the location using the location information of the registered client. Even if data is leaked, it cannot be read. For this reason, a high level of security can be realized without the user being aware of it.

It will be described below in detail with reference to examples of the electronic information management system according to the present invention with reference to the accompanying drawings. Note that the present invention is not limited to the embodiments.

  FIG. 1 is a diagram illustrating an example of the overall configuration of the electronic information management system according to the first embodiment. The electronic information management system according to the first embodiment includes a file server (hereinafter referred to as a server) 101 that is an electronic information management device that manages electronic information (files), and a user terminal device that acquires electronic information from the server 101. The position of the client 102 from the position information detected by the wireless tag reader 103a and the wireless tag 103b, and the wireless tag reader 103a and the wireless tag 103b which are position information detecting means for detecting the positional information of the client 102. A location authentication unit 104 that is a location authentication unit that authenticates and changes the access right of the client 102.

  The server 101, the client 102, and the wireless tag reader 103a are connected to each other via a network. The wireless tag reader 103a and the wireless tag 103b are connected by wireless communication.

  Further, access restriction information based on position is embedded in a file (electronic information) registered in the server 101. In addition, when a new file is registered from the client 102, the server 101 is configured to generate access restriction information based on the position from the detected position information and embed it in the corresponding file.

In the above configuration, the operation will be described in the order of (1) normal access management and (2) access management in which the access right is changed depending on the position of the client.
(1) Normal Access Management First, general access management will be described using file management by the server 101 as an example. When a user reads a file from the server 101, the client 102 accesses the server 101 via a network (wireless or wired) and reads the file. The server 101 checks the access right based on the user's login information and controls the reading / writing of the file.

(2) Access management for changing the access right according to the position of the client The access management for changing the access right according to the position of the client according to the first embodiment will be described. The unique ID of the wireless tag 103b attached to the client 102 is read by the wireless tag reader 103a, and the information on the unique ID is transmitted to the position authentication unit 104 of the server 101. Next, when the client 102 tries to access a file with access restrictions depending on the location, the location authentication unit 104 of the server 101 requests the unique ID of the wireless tag 103b from the client 102 and is sent from the client 102. The unique ID and the unique ID sent from the wireless tag reader 103a are inquired to permit access. Specifically, when the unique ID from the client 102 and the unique ID from the wireless tag reader 103a match, access is permitted, and when they do not match, access is prohibited. Since the installation location of the wireless tag reader 103a is registered in advance, the position information can be confirmed by recognizing the wireless tag reader 103a. However, when a plurality of wireless tag readers 103 a are connected, both the unique ID of the wireless tag reader 103 a and the unique ID of the wireless tag 103 b are transmitted to the position authentication unit 104.

  Since the communication distance of the wireless tag 103b is often as short as several meters or less, the client 102 can be guaranteed to be in a specific section of the office (near the wireless tag reader 103a). By adopting such a method, it is possible to maintain high security while sharing information through the network.

  As described above, in the first embodiment, since the position of the terminal can be detected in real time, it is not necessary to register terminal information in advance. Also, if you are a person who can enter the area without specifying a user, you can also set access rights for all people. When granting temporary access rights at meetings and other occasions, Access rights can be granted very easily.

  Further, by using the wireless tag 103b, a system can be constructed at a low cost. In the case where the wireless tag 103b is a wireless tag that does not require a battery, there is an advantage that the user does not need to worry about power consumption or the like and does not require maintenance. On the other hand, even a wireless tag that uses a battery has the advantage that it only needs to be changed once every few months to several years because of low power consumption, and the burden on the user is small.

  In the first embodiment, the configuration in which the server 101 and the wireless tag reader 103a are connected through the network is shown. However, the present invention is not limited to this, and the same applies to the case of direct connection. Further, even when a plurality of wireless tag readers 103a and wireless tags 103b, a plurality of clients 102, and a plurality of servers 101 exist through a network or the like, basically the same is true.

  Furthermore, if you embed access control information based on location in the file itself, encrypt the file, and decrypt it, you must be in a specific area, and the copied data will leak out. However, it cannot be read.

  When registering a data file from the client 102, the location information of the client 102 to be registered is used to automatically add the access control information based on the location and then encrypt the file. Both can achieve high security.

  FIG. 2 is a diagram illustrating a configuration of the electronic information management system according to the second embodiment. Since the basic configuration is the same as that of the first embodiment, only different parts will be described here. In the second embodiment, as illustrated, a wireless tag reader 103a is connected to the client 102 side. The wireless tag 103b is installed in the office. For example, it is assumed that it is embedded in an office wall or pillar. The location authentication unit 104 of the server 101 identifies the location based on the unique ID information of the wireless tag 103b that can be read by the client 102, and restricts access based on the location. That is, using the wireless tag 103b installed at the place where the client 102 is used and the wireless tag reader 103a connected to the client 102, the wireless tag reader 103a reads the wireless tag 103b to detect the position of the client 102. ing.

  In the second embodiment, when the client 102 tries to access a file with access restriction by location, the location authentication unit 104 of the server 101 sends a unique ID (in this case, location information) of the wireless tag 103b to the client 102. Equivalent). The client 102 acquires the unique ID of the wireless tag 103b via the connected wireless tag reader 103a and transmits it to the position authentication unit 104. The location authentication unit 104 permits access after inquiring about the unique ID sent from the wireless tag reader 103a and the unique ID of the wireless tag 103b registered in advance. Specifically, access is permitted when the unique ID acquired by the wireless tag reader 103a matches the unique ID of the wireless tag 103b registered in advance, and access is prohibited when they do not match. To do. By adopting such a method, it is possible to maintain high security while sharing information through the network.

  FIG. 3 is a diagram illustrating the configuration of the electronic information management system according to the third embodiment. As shown in the figure, when the electronic information management system of the third embodiment detects a plurality of clients 102 by the position information detection means (the wireless tag 103b and the wireless tag reader 103a attached to each client 102), the server 101 Create a folder to which the access right is given to the client 102. For example, if you want to share computerized information among members who are participating in a conference, you can maintain high security while easily sharing information by using the folder created in this way as a shared folder it can.

As described above, the electronic information management system according to the present invention are useful in granting access to the shared information only authorized location, in particular, to access the electronic information from the mobile type of user terminal Suitable for.

It is a figure which shows the structure of the electronic information management system of Example 1. FIG. It is a figure which shows the structure of the electronic information management system of Example 2. FIG. It is a figure which shows the structure of the electronic information management system of Example 3. FIG.

Explanation of symbols

101 Server 102 Client 103a Wireless Tag Reader 103b Wireless Tag 104 Location Authentication Unit

Claims (1)

Electronic information management means for managing electronic information;
A user terminal device for obtaining electronic information from the electronic information management device;
Position information detecting means for detecting position information of the user terminal device;
Position authentication means for authenticating the position of the user terminal device from the position information detected by the position information detection means and changing the access right of the user terminal device;
With
The electronic information management means permits access according to the position of the user terminal device from the position information detected by the position information detection means when a new file is registered from the user terminal device. It generates an access restriction information and embeds in the appropriate file for an electronic information management system to make changes of access rights,
The electronic information management means detects a plurality of user terminal devices existing in a specific area via the position information detection means, and permits access only to those user terminal devices. An electronic information management system characterized by creating a shared folder for sharing a file .

Images