JP4709181B2 - Information access management device - Google Patents

Description

  The present invention relates to an information access management apparatus suitable for use in, for example, a document management system and information access control technology.

  In companies such as stores and offices, regular employees, temporary employees, part-time employees, part-time employees, and employees of cooperating outside parties work, management data such as product prices and inventory status, Personal data of customers and employees is browsed by various types of employees using a terminal device provided in the company. The types of data that can be handled differ depending on the location in the company. For example, personal data should be viewed by a terminal device in a designated area within the company, and this data was provided in a space where all employees could enter and exit, even within the same company. It should not be viewed by the terminal device. Even for employees who have a wide range of authority to access personal data and the like, there are places where the data can be browsed and places where the data should not be browsed. In other words, the access authority to data varies depending on the type and location of the employee, and the type of data that can be handled varies depending on the location.

  In recent years, in order to prevent fraud and improve the motivation of part-time employees, a management method for giving some authority has been introduced. For example, by giving limited management authority such as access to customer data according to the date and place of work and the place of work, the same work as regular employees is carried out, expanding the opportunities for part-time employees to play an active role It's like that.

Conventionally, there has been proposed a document management system capable of preventing access to a management document from an inappropriate place and allowing easy setting of authentication conditions (see Patent Document 1). The document management system described in Patent Document 1 measures the position of a document user by means of position information acquisition such as GPS, and estimates the user's own location from the position information.
JP 2006-195484 A (FIG. 1)

  In order to perform business efficiently and efficiently, the authority for data is temporarily promoted to be handled. The data created by the remote party may be changed or modified by a remote conference. In this case, since the important data is only viewed and cannot be edited, the work efficiency is lowered. In addition, if a person who has the authority to access data is absent for a long time, when data becomes necessary, a person other than the person who has the authority cannot access the data at all. Also, when delegating access authority, it is necessary to consider the location of the user to whom the delegation is made.

  In the document management system described in Patent Document 1, access authority is fixedly granted, and it can be said that the authority of the user is not changed for each place.

  In view of the above problems, an object of the present invention is to provide an information access management device capable of delegating authority to access data according to a user and a place.

In order to solve such problems, according to one aspect of the present invention, data storage means for storing information, user information from the terminal device, location information of the terminal device, and user authority are delegated. and communication means for providing the other party receives the first authority transfer data including a delegation level indicating the authority sends a notification to the terminal device when delegating the delegator information and rights of the grantor that, this Second authority delegation data that is updatable by the first authority delegation data received by the communication means and associates the delegator information of the delegator who delegates the authority, the delegated person information, and the delegation level The authority delegation data storage means for storing the information, the type of information of the data storage means to be given permission for output based on each element of the terminal, person and place, and the authority regarding the operation on this information are determined And authentication data holding means for holding the fit of the authentication data, the access authority information indicating whether the user is a legitimate the authentication data the terminal device examines the user information which the communication unit receives as an entry key User access means for outputting the access environment information for outputting the access environment information of the terminal device based on the location information received by the communication means , the access authority information , the access environment information and the delegated person Security policy data storage means for storing a policy data table composed of a plurality of policy data associated with a policy for deciding whether the delegated authority can be exercised in what access environment, and the terminal device Determination and change of user access authority, and user information of this user is stored in the authority delegation data storage Information access control means for determining whether the information is stored in a stage and controlling access to the information stored in the data storage means according to the policy data table, the information access control means, By receiving a data request from a person whose authority is to be delegated , a comparison is made as to whether or not policy data matching the access authority information and the access environment information is stored in the security policy data storage means. The authority to be delegated is determined for the input / output access authority to the information of the data storage means, and the delegated person information of the person to whom the authority is to be delegated is stored in the authority delegation data storage A person who determines whether or not the authority is stored by determining whether or not it is stored in the means is stored in the authority delegation data storage means. If was stored under delegator, said the reading of the second authority transfer data stored in the authority transfer data storing means determined for continuation of delegation processing is delegated the authority by the result of the determination Yo to those of the information access management unit and changes the access rights to the delegation level stored in the second delegation data is provided.

  According to the present invention, the authority to access data can be delegated according to the user and location.

  Hereinafter, an information access management apparatus according to an embodiment of the present invention will be described with reference to FIGS. In the drawings, the same portions are denoted by the same reference numerals, and redundant description is omitted.

(First embodiment)
FIG. 1 is a configuration diagram of an information management system according to the first embodiment of the present invention. The information management system according to the present embodiment handles document data as data to be managed, the user terminal device 1, the user terminal device 6 having the same configuration as the user terminal device 1, and these user terminal devices 1. , 6, and an information access management device 8 that controls the access authority for input / output of document data between the user terminal devices 1, 6 via the network 7.

  The user terminal device 1 includes an information processing terminal 2 that transmits / receives data related to a request for outputting document data and a request for delegating access authority to / from the information access management device 8, and an operator of the user terminal device 1 is authorized. As a key information, a user recognition unit 3 that recognizes that the user terminal device 1 is present, a position sensor unit 4 that wirelessly acquires location information of the user terminal device 1, and information unique to the user terminal device 1 are used as key information. A key management unit 5 that holds the tamper-resistant memory area and manages that the user terminal device 1 is a legitimate terminal is mounted.

  The user recognition unit 3 uses an IC card or a security chip such as a wireless tag or an RF module. The user terminal device 1 and the user can use the security chip and a wireless tag attached to the user. Have been paired. When the user is near the terminal, when the wireless tag attached to the user receives the user recognition signal transmitted from the user recognition unit 3, a reply signal is transmitted from the wireless tag. When the user recognition unit 3 receives the reply signal, the user recognition unit 3 determines whether or not the user is a regular user set in advance. If the user is a legitimate user, the user can operate the terminal. If the user leaves the terminal, the user recognition unit 3 uses the wireless tag attached to the user himself / herself. Since the reply signal from the terminal cannot be received, all the operations on the terminal are locked, and the operation of the terminal is disabled. The user recognizing unit 3 also functions as a user information output unit that outputs a user ID (user information).

  The position sensor unit 4 functions as position information output means. The position information acquired by the position sensor unit 4 will be described. As shown in FIG. 2, the user terminal device 1 includes position sensor antennas 10 and 11 provided in a terminal zone 9 in which the user can move. , 12 and 13, the zone ID included in each radio wave is received, and the position of the user is measured using this zone ID. The radio wave includes a signal transmitted from the zone signal transmitter 9 a as a zone ID, and is transmitted from each position sensor antenna 10 to 13 while maintaining certain zones 14, 15, 16, and 17. The position sensor unit 4 receives radio waves transmitted from any one of the position sensor antennas 10 to 13, and which zone the user terminal device 1 is placed in is based on the zone ID included in these radio waves. Judge whether or not. In this example, an ID indicating each zone is transmitted from the position sensor antennas 10 to 13 to the user terminal device 1. The user terminal device 1 transmits information representing the user terminal devices 1 and 6, and the position sensor antenna near the user terminal devices 1 and 6 receives this information so that the user terminal device 1 It is also possible to judge the zone where 1 and 6 are placed.

  Further, as the position information output means, the user terminal device 1 is equipped with a GPS (Global Positioning Systems) function, and the position information of the user terminal device 1 is calculated and output by a signal received from a GPS satellite. You can also. Also, a method of acquiring and outputting an IP address in a network, or a method of acquiring and outputting Hotspot (registered trademark) information in a wireless LAN may be employed.

  The function of the key management unit 5 is realized by a CPU (Central Processing Unit), ROM, RAM, IC, LSI, and the like. A terminal-specific key that proves that the user terminal device 1 is a legitimate terminal and a management value of a program in the terminal are stored, and has a function of outputting these upon request.

  Accordingly, when the user recognition unit 3 and the position sensor unit 4 receive a request for data from the network 7, the requested information, for example, a user ID (user information), a zone ID (position information) ) And the unique key information is transmitted to the information access management device 8. The information access management device 8 recognizes that the zone (position) where the user terminal devices 1 and 6 are placed is any one of a shared space, a safe space, a public space and a semi-safe space.

  Also, the information access management device 8 in FIG. 1 has a document database 18 (data storage means) for storing document data (information), access authority for each user (access authority information) and access for each zone for this document data. A policy data holding unit (security policy storage means) 19 for storing security policy data including a right (access environment information) and describing conditions for accessing document data, and a user transmitted from the user terminal device 1 An access reception unit 20 that receives an access request including an ID (user information) and a zone ID (position information), and updatable authority delegation data for delegating authority regarding document data among a plurality of users. The authority delegation data storage unit 21 (authority delegation data storage means) to be stored and the authority of the user of the user terminal device 1 are stored. The policy comparison / determination unit 22 that changes the access authority to the document data of the user of the user terminal device 1 in accordance with the authority delegation data and the document database 18 are output. Document input / output unit 23 that controls input / output operations for document data, and document data types to be given permission for output based on the elements of terminal, person, and place, and documents such as printing or saving of document data An authentication data holding unit 24 that holds authentication data for determining authority relating to operations on data, and a data processing unit 29 that includes the CPU 25, RAM 26, input / output device 27, and ROM 28 and controls the entire information access management device 8. . The access receiving unit 20 and the policy comparison / determination unit 22 also perform processing for the user terminal device 6.

  As a result, interface processing with the network 7 is performed in the access receiving unit 20, and the information access management device 8 can communicate with the user terminal devices 1 and 6 through the access receiving unit 20.

  In addition to this, the information access management device 8 checks the position of the user terminal device 1 and outputs a ZONE value (access environment information) representing the access environment of the user terminal device 1. Whether or not the user of the user terminal devices 1 and 6 is a legitimate user using the (access environment investigation means) and the user ID (user information) transmitted from the user terminal devices 1 and 6. A user survey unit 31 (user survey means) that outputs an IDLV value (access authority information) indicating whether or not the user is legitimate, and a document database 18 by examining the time or time when the access request was made. The access time survey unit 32 that outputs the access time or the TIME value representing the access time, and investigates whether the accessing user terminal device is safe and whether the user terminal device is safe An access terminal examining unit 33 that outputs a TERM value representing the presence, and an access right generating unit 34 that includes data such as an IDLV value, a TERM value, a TIME value, and a ZONE value and generates a secure value based on access control. Is provided.

  This secure value is also data for controlling access of the information access management device 8. The data representing the secure value has a structure represented by the reference numeral 35 in FIG. 3, for example, and is composed of data of an IDLV value 36, a TERM value 37, a TIME value 38, and a ZONE value 39. For details of these data, FIG. 4 shows an IDLV value, FIG. 5 shows a TERM value, FIG. 6 shows a TIME value, and FIG. 7 shows a ZONE value.

  Regarding the IDLV values (access authority information) in FIG. 4, authority levels are stored according to a plurality of IDLV values. According to the authority level, information type of document data and permission / prohibition data of authority to operate the document data are stored. If the user is the owner of the document data, the document data is set to be editable.

  According to the TERM value (access terminal information) in FIG. 5, each terminal device can be used by a legitimate terminal device that is identified as a legitimate user and is judged to be safe, or can be used by a plurality of users. It is classified into the determined regular terminal device.

  Based on the TIME value (access time information) in FIG. 6, it is determined whether the accessed time is within a pre-planned time or time zone, or an unplanned time or time zone.

  Regarding the ZONE value (access environment information) in FIG. 7, the type of space will be described based on an example of a store. Corresponding to a plurality of ZONE values, each location (access environment) is defined in the access environment storage means. The access environment investigation unit 30 reads out the ZONE value from among the ZONE values 4 to 0 corresponding to the position information acquired by the user terminal devices 1 and 6 at the respective locations from the access environment storage unit, and reads out the ZONE value. The ZONE value is output.

  In this embodiment, the information access management device 8 outputs the position information acquired by the position sensor unit 4 as it is as the access environment information, and outputs the position information as the access environment information as the same data. However, data different from the position information may be output as the access environment information. For example, when the GPS function is used, the user terminal device 1 or 6 outputs position information composed of latitude and longitude according to a signal received from a GPS satellite, and the access environment storage means includes a plurality of position information including latitude and longitude. The access environment information associated with the position information is stored, and the access environment investigation unit 30 reads out the associated data, whereby the access environment information “1-4” corresponding to the position information including the latitude and longitude is read. Can also be output.

  The safe space as an access environment corresponding to the ZONE value “4” is an office, where sales data, information on the unit price, cost, gross profit, etc. of the product, accounting data, etc. are handled. In addition, orders are received from customers. A safe space is a place where only certain persons within the company are allowed to enter. The semi-safety space corresponding to the ZONE value “3” is a backyard, and operations such as processing of products and replacement of price tags on products are performed in the backyard. Internal employees are allowed to enter this semi-safe space. The shared space corresponding to the ZONE value “2” is a meeting space or rest area for explaining design information and product prices to outside parties. The public space corresponding to the ZONE value “1” is a sales floor where there are many unspecified persons. As described above, since a plurality of security levels can be stored corresponding to a plurality of pieces of position information, a plurality of security levels based on the access location of the user can be set.

  The IDLV value data is obtained by accessing the authentication data holding unit 24 using the user ID transmitted from the user terminal device 1 or 6 as a key. The TERM value data and the TIME value data are obtained by comparing with the respective values investigated in the access time examining unit 32 and the access terminal examining unit 33. Therefore, the information access management device 8 according to the present embodiment can change the access authority to the document data according to the person, the terminal, and the location based on the data of the IDLV value, the TERM value, and the ZONE value. .

  The position information is transmitted from the user terminal devices 1 and 6. The operation for obtaining this position information is shown in the flowchart of FIG. That is, when the user terminal device 1 receives the position request signal from the information access management device 8 (step A1), the user terminal device 1 drives the position sensor unit 4 through the Yes route (step A2), and the position sensor unit 4 It is determined whether or not it is normal (step A3). When the position sensor unit 4 is not normal, the user terminal device 1 sets the zone ID to 0 (step A4). When the position sensor unit 4 is normal, the user terminal device 1 uses the Yes route. The person terminal device 1 receives the zone signal (step A5). The user terminal device 1 determines what kind of space it is in from the zone ID included in the zone signal (step A6), and sets 1 to 4 as the zone ID (step A6). A7). The position sensor unit 4 of the user terminal device 1 transmits this zone ID as position information to the information access management device 8 (step A8). The operation for obtaining the location information by the user terminal device 6 is also the same as the example of the flowchart of FIG.

  When the information access management device 8 receives the zone ID transmitted from the user terminal devices 1 and 6, the information access management device 8 obtains a ZONE value (access environment information) based on the zone ID (location information), and constitutes a secure value. Set to one of

  Further, the authentication data holding unit 24 stores authentication data having a configuration as shown in FIG. This authentication data includes a user ID 40 as an entry key, an authority level 41 indicating the level of access authority originally held, a use permission time zone 42 indicating a time zone used by a normal user, and a terminal device registered for use by the user. A terminal key 43 indicating a unique value, authority delegation presence / absence 44 indicating by a flag whether or not authority is delegated to someone, and delegation level 45 indicating authority to be given to the other party when authority is delegated Consists of. Using the user ID from the user terminal device 1 or 6 as a key, data representing the contents of the authority level 41, use permission time zone 42, terminal key 43, authority delegation presence / absence 44, and delegation level 45 are input / output.

  The authentication data holding unit 24 determines the user's authority to access the document data. For example, the authentication data holding unit 24 determines the type of document data, and operations such as printing and saving. However, since the safety of the terminal to access and the safety of the environment are not taken into consideration, these are covered by the information access management device 8 according to the present embodiment. The obtained IDLV value (access authority information), TERM value (access terminal information), TIME value (access time information), and ZONE value (access environment information) are added to the access right generation unit 34, and these values are secure values. Are treated as

  Further, when the user issues a command for delegating authority in order to request delegation processing, the access right generation unit 34 sets an authority delegation flag in the authority delegation presence / absence 44 of the authentication data holding unit 24. 1 is set and a delegation level 45 is input to the authentication data holding unit 24. When authority delegation processing occurs, the authority delegation data storage unit 21 is also updated.

  As shown in FIG. 10, the data stored in the authority delegation data storage unit 21 includes a delegator ID 46 indicating the delegator, a delegation level 47 indicating the delegation level of the delegator, and a delegated person ID 48 (declaring the authority delegation destination). (Delegator information), request policy 49 indicating the policy number of the policy data table for determining in which access environment the delegatee can exercise the delegated authority, and the date and time when authority is delegated The contents include a delegation date 50 and a delegation time 51. When there is an access to the authority delegation data storage unit 21 from the user terminal devices 1 and 6, the authority delegation data is searched in the authority delegation data storage unit 21 using the user ID as a key. Authority delegation data appears in the policy comparison / determination unit 22.

  The policy data holding unit 19 stores policy data that defines the authority of operations such as access to document data and printing and saving of data for possible values of the secure value 35 (FIG. 3). Such a policy is created in advance as a policy data table in the policy data holding unit 19. An example of the policy data table is shown in FIG. The information access management apparatus 8 according to the present embodiment stores 300 types of policy data, and can thereby set a maximum of 300 policies. As an example, when the secure value indicates IDLV = 4, TERM = 3, ZONE = 4, and TIME = 2, the policy data is searched by the policy comparison / determination unit 22 in the policy data table, and the policy number 1 is obtained. . The policy indicated by policy number 1 indicates that the user is in a safe place and uses the specified terminal. When the user accesses the document data, the policy is used. All the authority previously given to the person can be used. As long as there is no authority delegation, the original authority given to the user will not be exceeded.

  The policy comparison / determination unit 22 compares the secure value obtained by the access right generation unit 34 with the data from the policy data holding unit 19 to determine the user's authority, and to the document input / output unit 23. Give an instruction to access the document according to the policy. Also, authority delegation data in the authority delegation data storage unit 21 is considered. When the contents indicated by the authority delegation data are those in which the user has been delegated authority and the terminal environment is constructed in accordance with the policy designated by the delegator, access authority is promoted.

  The document input / output unit 23 retrieves document data from the document database 18 in response to a request for document data with access authority. In addition, the document input / output unit 23 has a function of processing the document data so as to restrict operations on the document data such as printing and saving in accordance with the security policy data of the policy data holding unit 19. Printing restrictions and storage restrictions can be realized by setting document data properties. These restrictions can be set for software that browses files in recent electronic document formats (such as Adobe Acrobat (registered trademark) format). This is a function already prepared. The finally obtained document data is sent to the access source user terminal device 1 or 6 through the access receiving unit 20, and the processing is completed.

  The access right generation unit 34, the policy comparison determination unit 22, and the document input / output unit 23 compare the access authority and the access environment with the security policy as a condition stored in the policy data holding unit 19. If the access authority of the users 1 and 6 is determined and the user is a delegated person stored in the authority delegation data storage unit 21, the authority delegation data stored in the authority delegation data storage unit 21 Based on this condition, the access authority of the user is changed and functions as information access control means for controlling access to the information stored in the document database 18.

  Details of access to the document data in the information access management apparatus 8 having such a configuration will be described.

  FIG. 12 shows a sequence of normal access using the user terminal device 1. When the user terminal device 1 transmits a data request to the information access management device 8 (step B1), the information access management device 8 transmits a user confirmation request to the user terminal device 1 (step B2). ).

  When the user terminal device 1 transmits the user ID (user information) from the user recognition unit 3 to the information access management device 8 (step B3), the user investigation unit 31 of the information access management device 8 With reference to the authentication data stored in the authentication data holding unit 24, the presence / absence of this user ID is determined (step B4). When the entry key of this user ID is in the authentication data, the information access management device 8 transmits the authority level value 41 (IDLV value) from the user investigation unit 31 to the access right generation unit 34 (step B5). ). The information access management device 8 determines whether or not the access time is within the time period permitted by the authentication data (step B6). If the access time is within the permitted time period, the TIME value is generated as an access right. It transmits to the part 34 (step B7). Then, the information access management device 8 transmits a terminal confirmation request to the user terminal device 1 (step B8).

  When the user terminal device 1 transmits the key management module value to the information access management device 8 (step B9), the information access management device 8 refers to the authentication data, and the terminal key (terminal) for this key management module value It is determined whether or not there is a key certificate (step B10). If the terminal key is in the authentication data, the information access management device 8 transmits the TERM value to the access right generation unit 34 (step B11), and transmits a location information request to the user terminal device 1 (step B12). ).

  When the user terminal device 1 transmits the zone ID (position information) output from the position sensor unit 4 to the information access management device 8 (step B13), the access environment investigation unit 30 of the information access management device 8 The ZONE value (access environment information) for the received zone ID is transmitted to the access right generation unit 34 (step B14).

  The access right generation unit 34 includes an IDLV value (access authority information) output by the user inspection unit 31, a ZONE value (access environment information) output by the access environment inspection unit 30, a TIME value (access time information), and A secure value is set from the TERM value (access terminal information).

  Further, the access right generation unit 34 transmits a secure value to the policy comparison / determination unit 22 (step B15), and the policy comparison / determination unit 22 sets a policy setting value that is a value set as a policy or policy data. The user's authority is determined by reading from the policy data holding unit 19 and comparing the secure value with the policy data (step B16). That is, the policy comparison / determination unit 22 determines whether security policy data matching the IDLV value (access authority information) and the ZONE value (access environment information) is stored in the policy data holding unit 19. Even if the IDLV value is the same, the policy data differs depending on the ZONE value. The policy comparison / determination unit 22 transmits file input / output control to the document input / output unit 23 (step B17). In this way, each of the user, terminal, location, and time is compared with the policy, and data output is controlled.

  The document input / output unit 23 refers to the document data held in the document database 18, processes the document data together with the policy (step B18), and processes the processed document data to the user terminal device 1. Transmit (step B19).

  As a specific example, a user belonging to the accounting department performs all operations of browsing, editing, saving, and printing accounting data by using a terminal provided in the accounting department of the safe space zone having the ZONE value “4”. However, even if the same user uses the terminal provided in the quasi-safe space zone with the ZONE value “3”, the same data can only be viewed, and the shared space zone with the ZONE value “2”. It is possible to prevent browsing by using a terminal provided at the sales floor. In other words, by setting the access operations such as browsing, editing, saving, printing, etc. that are permitted according to multiple access environments in stages, users who originally have access authority for all operations Even if there is an access environment with a low level of information security, only a browsing operation is permitted, a browsing operation and a printing operation are permitted depending on an intermediate access environment, and all operations may be performed depending on an access environment with a high level. As permitted, document data or information can be managed so that the access operation is restricted in stages according to the information security level of the access environment. The authority to access accounting data can be changed. That is, the information management system of the present invention can delegate authority. Also, access to accounting data is not allowed for anyone other than those who belong to the accounting department. Therefore, it can be said that the requested data is not always obtained in response to a document output request from the user.

  Next, a person who intends to delegate authority (authority delegator) uses the user terminal device 1 to a person (delegator) to whom the authority as the user of the user terminal device 6 is delegated. The process for delegating authority will be described in detail. FIG. 13 is a diagram showing a sequence for explaining a data access method at the time of authority delegation in the information management system according to the present embodiment.

  When the user terminal device 1 transmits an authority delegation request to the information access management device 8 (step C1), the information access management device 8 performs a determination process on access time, user ID, terminal status, location, and the like. (Step C2) and investigate each value of the access environment for calculating the secure value (Step C3).

  The access right generation unit 34 generates a secure value, transmits this secure value to the policy comparison / determination unit 22 (step C4), and the policy comparison / determination unit 22 reads out the policy setting value and outputs these secure values. And the policy data are compared to determine the authority of the user (step C5). In this determination, the policy comparison / determination unit 22 determines whether or not the delegation of authority to the delegatee who is the user of the user terminal device 6 is compatible with the security policy (step C6). If the delegation is compatible with the security policy, a delegation permission notice is transmitted to the user terminal device 1 via the access reception unit 20 (step C7).

  Upon receiving the delegation permission notification, the user terminal device 1 allows the user to input authority delegation data such as delegation level, delegee ID (delegated person information), request policy, delegation date, delegation time, etc. Then, the input authority delegation data is transmitted to the information access management device 8 together with the user ID (step C8). The information access management device 8 updates the authority delegation data stored in the authority delegation data storage unit 21 (authority delegation data storage means) based on the received user ID and authority delegation data (step C9). The user ID is stored as a delegate ID. Then, a processing completion notification is transmitted to the user terminal device 1 (step C10).

  In the state where the authority delegation process is completed, when the authority delegate who is the user of the user terminal device 6 transmits a data request to the information access management apparatus 8 (step C11), the information access management apparatus 8 Then, an environment determination process is performed by referring to the authentication data (step C12). Here, the information access management device 8 checks the delegated user ID 48 in the privilege delegation data storage unit 21 and if there is a user ID of the user terminal device 6 that is the delegated, there is a privilege delegation. The policy comparison / determination unit 22 is also notified. The information access management device 8 checks each value of the access environment (step C13), and the access right generation unit 34 generates a secure value and transmits this secure value to the policy comparison determination unit 22 (step C14). The policy comparison / determination unit 22 determines the authority of the user by reading the policy setting value (step C15), and determines whether to continue the authority delegation process by reading the delegation data (step C16). When the policy comparison / determination unit 22 determines to delegate authority based on the request policy stored in the request policy 49 of the authority delegation data storage unit 21, the access authority is stored in the delegation level 47 of the authority delegation data storage unit 21. While changing to the delegation level, file input / output control is transmitted to the document input / output unit 23 (step C17). The document input / output unit 23 refers to the document data in the document database 18, processes the document data together with the policy (step C18), and transmits the processed document data to the user terminal device 6 ( Step C19). As described above, the authority delegator can use the user terminal device 1 to delegate the authority to the delegated person who uses the user terminal device 6. Therefore, it can be said that the information management system of the present invention can transfer the access authority to the desired data according to the place and the person.

  In this way, according to the present invention, access control to document information in consideration of the safety of the user and the terminal device and the safety of the surrounding environment is automatically performed without making the user aware of it. It becomes possible. In addition, authority can be delegated safely and effectively. Since the authorized user can exercise his / her authority only at the place according to the security policy, information leakage due to carelessness of the user is prevented.

  In addition, according to the present invention, even a person who has the access right is prohibited from accessing a document depending on a zone. Therefore, access is prohibited or restricted depending on a place where the user accesses. Can do. Therefore, it becomes possible to perform security management according to the location such as a store where a large number of unspecified persons exist.

(Second Embodiment)
Even if the information access management device 8 permits the document access to the user terminal device 1 or 6 according to the person and place, the in-house employee can discuss the product with the employee of the company in the cooperative relationship. is there. In this case, in-house employees can make the cost information out of all information about the product available to the employees of the partner company, but the information on the handling fee for the product is given to the employee. It cannot be viewed. The information access management apparatus according to the second embodiment of the present invention is configured to mask some data items among a plurality of data items described in a data sheet, for example, at a meeting place.

  The information management system according to the second embodiment of the present invention will be described below with reference to FIG.

  FIG. 14 is a configuration diagram of an information management system according to the second embodiment of the present invention. The information management system according to the present embodiment is connected to the user terminal devices 1 and 6, the network 7 connected to each of the user terminal devices 1 and 6, and the user terminal devices 1 and 6 and the network 7. The information access management device 52 is provided. 14 having the same reference numerals as those described above are the same as those described in the first embodiment. Further, the position measurement methods for the user terminal devices 1 and 6 are the same as those position measurement methods in the first embodiment.

  In the information access management device 52 according to the present embodiment, the content of the document data output from the document input / output unit 23 is inspected, and a mask processing unit that performs mask processing on a document including content that violates security 53 is provided, and the masked document is input to the access receiving unit 20.

  The information access management device 52 according to the present embodiment is also controlled by the data processing unit 29 as a whole, and can communicate with the user terminal devices 1 and 6 through the access receiving unit 20 that performs interface processing with the network 7. ing. Thereby, in the information access management device 52, the access environment investigation unit 30 inspects the positions of the user terminal devices 1 and 6 and outputs the ZONE value, and the user investigation unit 31 receives the information from the user terminal devices 1 and 6. The transmitted user ID (user information) is used to check whether the user is a legitimate user and output an IDLV value, and the access time checking unit 32 checks the time when the access request is made and determines the TIME value. The access terminal checking unit 33 checks whether the accessing terminal is safe and outputs a TERM value, and the access right generation unit 34 controls access control such as IDLV value, TERM value, TIME value, ZONE value, etc. Generate a secure value that is the basis of. The secure value generation method by the information access management device 52 according to the present embodiment is also the same as that in the first embodiment.

  Also in the present embodiment, the function of the information access control means is realized by the access right generation unit 34, the policy comparison determination unit 22, and the document input / output unit 23. The information access management device 52 may output data different from the location information as access environment information. When the user terminal device 1 or 6 uses the GPS function, the user terminal device 1 or 6 outputs position information composed of latitude and longitude according to a signal received from a GPS satellite, and the access environment investigation unit 30 It is possible to output access environment information “1 to 4” corresponding to the position information consisting of

  The data stored in the authentication data holding unit 24 is the same as that in the first embodiment. That is, the authentication data is specific to the user ID, the authority level that indicates the level of access authority that is originally held, the use permission time period that indicates the time period that a normal user uses, and the terminal device that the user has registered for use. A terminal key indicating a certain value, presence / absence of authority delegation indicating whether or not authority is delegated to someone, and a delegation level indicating authority to be given to the other party when authority is delegated. Using the user ID from the user terminal device 1 or 6 as a key, data representing the contents of the authority level, usage permission time zone, terminal key, authority delegation presence / absence, and delegation level is input / output.

  Even in the authentication data holding unit 24, the user's authority to access document information is determined, and operations such as document type, printing, and storage are determined, but the safety of the accessing terminal and the safety of the environment are also determined. Therefore, the information management system according to the present embodiment also covers these. The obtained IDLV value (access authority information), TERM value (access terminal information), TIME value (access time information), and ZONE value (access environment information) are added to the access right generation unit 34, and these values are secure values. Are treated as

  Further, when the user issues a command for delegating authority, the access right generation unit 34 sets an authority delegation flag to the authentication data holding unit 24 and inputs a delegation level. Further, when authority delegation processing occurs, authority delegation data in the authority delegation data storage unit 21 is also updated. When there is an access to the authority delegation data storage unit 21 from the user terminal devices 1 and 6, the authority delegation data is searched in the authority delegation data storage unit 21 using the user ID as a key. Authority delegation data appears in the policy comparison / determination unit 22.

  The policy data stored in the policy data holding unit 19 determines the authority for operations such as access to the document data and printing and saving of the data with respect to the possible values of the secure value. It is possible to set a policy. When the secure value indicates IDLV = 4, TERM = 3, ZONE = 4, and TIME = 2, it is determined that the specified terminal is being used in a safe place, so that all of the authority of the user is Has been made available. Also in the information management system according to the present embodiment, the user's original authority is not exceeded unless there is authority delegation. The information access management device 52 also follows the policy data previously created as a policy data table in the policy data holding unit 19.

  The policy comparison / determination unit 22 determines the authority of the user by comparing the secure value obtained by the access right generation unit 34 with the data read from the policy data holding unit 19, and the document input / output unit 23. Is instructed to access the document according to the policy. The information access management device 52 also considers the authority delegation data storage unit 21. If the user has been delegated authority and a terminal environment is established in accordance with the policy designated by the delegate, access authority is promoted. The document input / output unit 23 retrieves document data from the document database 18 in response to a request for a document with access authority. In addition, the document input / output unit 23 performs document operations such as printing and saving in accordance with the security policy data of the policy data holding unit 19. It has a function to process document data to be restricted. The document data is sent to the mask processing unit 53.

  The mask processing unit 53 inspects the contents of the document data itself. There is no problem if the document is properly managed and the access right is granted correctly, but if the user accidentally gives the access right level of the confidential document low or forgets to attach the access right level. May provide data to users who do not have authority over the content. For this reason, the mask processing unit 53 scans the contents of the document data and inspects whether or not a problematic keyword is described. For example, an NG word is used as the keyword. The mask processing unit 53 detects the presence / absence of an NG word for each phrase of the sentence included in the document data.

  When there is a document having a problem, the mask processing unit 53 performs processing for displaying a message such as “Delete corresponding part for confidential information” on the user terminal devices 1 and 6, It performs a function of applying a mask so that information does not leak to the corresponding part of the document data by a method such as painting or deleting a part of the data. Accordingly, the mask processing unit 53 performs a mask process on information including contents different from the security policy for accessing the information among the information whose access is controlled by the information access control means. As a result, it is possible to prevent information leakage due to an authority setting error or management error. As a specific example of performing the mask processing, for example, in the text data in the text format when the document data is created, the mask range portion to be masked is designated in advance, and the mask range portion data is deleted when the mask processing is necessary, Alternatively, it is conceivable to perform mask processing by changing to another character data.

  The document data finally obtained by the mask processing unit 53 is sent to the access source user terminal devices 1 and 6 through the access receiving unit 20 to complete the processing.

  As described above, according to the information access management apparatus 52 according to the present embodiment, when a request for outputting a document in the document database 18 is generated, the security policy is set for the user, the safety of the terminal, the access time, and the access environment. The document is output safely for comparison. In addition, information leakage is prevented, and it is possible to safely and easily implement the transfer of access authority for efficiently browsing documents.

  Further, according to the information access management device 52 according to the present embodiment, access control to data can be managed according to the user and a plurality of places.

(Third embodiment)
In the first embodiment and the second embodiment, the document data is held in the internal database of the information access management device 8 (or 52). However, in the third embodiment, the document data is stored in the information access management device. It is also possible to control the access request from the user terminal devices 1 and 6 to the storage device by holding it in the external storage device 8 or 52.

  As shown in FIG. 15, the information management system according to the third embodiment of the present invention includes user terminal devices 1 and 6, a first network 54 connected to each of the user terminal devices 1 and 6, An information access management device 55 connected to the first network 54 and capable of communicating with the user terminal devices 1 and 6, another second network 56 connected to the information access management device 55, and the second network 56 And a document server 57 capable of inputting / outputting data to / from the information access management device 55.

  The information access management device 55 is connected to the first network 54 and transmits / receives data to / from the user terminal devices 1 and 6, and the user terminal device 1 connected to the first network 54. 6, an access switch (access switch means) 59 for switching control of access to the document server 57 connected to the second network 56, and data input to the document server 57 connected to the access switch 59 and the second network 56. And a second data transmitting / receiving unit 60 capable of outputting. The document server 57 is also a data storage unit that holds document data. In the present embodiment, the function of the information access control unit is realized by the cooperation of the access right generation unit 34, the policy comparison determination unit 22, and the access switch 59. The information access control means compares the IDLV value (access authority information) and the ZONE value (access environment information) with the security policy that is the access condition, and determines that the document server 57 is used safely. Switches the access from the user terminal devices 1 and 6 to the document server 57 so as to transmit the access request from the user terminal devices 1 and 6 to the document server 57. Other than those shown in FIG. 15 and having the same reference numerals as those described above are the same as those described in the first embodiment. Further, the position measurement methods for the user terminal devices 1 and 6 are the same as those position measurement methods in the first embodiment and the second embodiment.

  The information access management device 55 is controlled by the data processing unit 29 as a whole, and the access authority of the user, the safety of the terminal, the safety of the use environment, the access request time, the change of the access authority due to the transfer of authority, etc. The access switch 59 is controlled based on a comprehensive decision and contents in accordance with the security policy. The order in which access requests from the user terminal devices 1 and 6 to the document server 57 pass through the first network 54, the first data transmission / reception unit 58, the access switch 59, the second data transmission / reception unit 60, the second network 56, This is a document server 57.

  In the information access management device 55, the access receiving unit 20 receives the data received by the first data transmitting / receiving unit 58 and inspects this data. The access environment investigation unit 30 connected to the access reception unit 20 inspects the positions of the user terminal devices 1 and 6 and outputs a ZONE value, and the user investigation unit 31 is transmitted from the user terminal devices 1 and 6. The user ID is used to check whether the user is a legitimate user and output an IDLV value. The access time checking unit 32 checks the time when the access request is made and outputs the TIME value, and the access terminal checking unit. 33 checks whether the accessing terminal is safe and outputs a TERM value, and the access right generation unit 34 obtains a secure value as a basis for access control such as an IDLV value, a TERM value, a TIME value, and a ZONE value. Generate. The method for generating the secure value is the same as the method for generating the secure value in the first embodiment.

  The authentication data stored in the authentication data holding unit 24 includes a user ID, an authority level indicating the level of access authority originally held, a use permission time zone indicating a time zone used by a normal user, and a user registering use. Terminal key indicating a value unique to the terminal device, presence / absence of authority delegation indicating whether or not authority is delegated to someone, and delegation level indicating authority given to the other party when authority is delegated. Using the user ID from the user terminal device 1 or 6 as a key, data representing the contents of the authority level, usage permission time zone, terminal key, authority delegation presence / absence, and delegation level is input / output.

  Even in the authentication data holding unit 24, the user's authority to access document information is determined, and operations such as document type, printing, and storage are determined, but the safety of the accessing terminal and the safety of the environment are also determined. Since these are not considered, these are covered by the information access management device 55 according to the present embodiment. The obtained IDLV value (access authority information), TERM value (access terminal information), TIME value (access time information), and ZONE value (access environment information) are added to the access right generation unit 34, and these values are secure values. Are treated as

  When the user issues a command for delegating authority, the access right generation unit 34 sets an authority delegation flag to the authentication data holding unit 24 and inputs a delegation level. Further, when the authority delegation process occurs, the access right generation unit 34 updates the authority delegation data in the authority delegation data storage unit 21. When there is an access to the authority delegation data storage unit 21 from the user terminal devices 1 and 6, the authority delegation data is searched in the authority delegation data storage unit 21 using the user ID as a key. Authority delegation data appears in the policy comparison / determination unit 22.

  The information access management device 55 according to the present embodiment can also set a maximum of 300 policies using 300 types of policy data that defines the access authority to document data with respect to possible values of secure values. When the secure value indicates IDLV = 4, TERM =, ZONE = 4, and TIME = 2, it is determined that the user is using the specified terminal in a safe place. Everything is made available. As long as there is no delegation of authority, the user's original authority will not be exceeded. Such a policy is created in advance in the policy data holding unit 19 as a policy data table.

  The policy comparison / determination unit 22 compares the secure value obtained by the access right generation unit 34 with the data in the policy data holding unit 19 and the like, determines the user's authority, and determines whether or not the document server 57 can be accessed. Is transmitted to the access switch 59.

  The access switch 59 permits or blocks access to the document server 57. Further, the details of the access right are also given to the document server 57, whereby fine access control in the document server 57 can be performed.

  In addition, the device connected to the second network 56 may be not only the document server 57 but also various network devices. The information access management device 55 can also perform access control of the user terminal devices 1 and 6 for these.

  This makes it possible to comprehensively determine the access authority of the user, the safety of the terminal, the safety of the usage environment, the access request time, the change of the access authority due to the transfer of authority, etc. A network device connected to 56 can be used, and information leakage due to carelessness can be eliminated.

  As described above, according to the information access management device 55 according to the present embodiment, when there is an access request from the first network 54 to the document server 57 connected to the second network 56, the security of the user and the terminal is increased. If the access time and the access environment are compared with the security policy and it is determined that the document server 57 can be used safely, the access request from the first network 54 is made by the operation of the access switch 59. The document server 57 is accessed.

  Further, according to the information access management device 55 according to the present embodiment, access control to data can be managed according to the user and a plurality of places.

  Note that the present invention is not limited to the above-described embodiment as it is, and can be embodied by modifying the constituent elements without departing from the scope of the invention in the implementation stage.

  In addition, various inventions can be formed by appropriately combining a plurality of components disclosed in the embodiment. For example, some components may be deleted from all the components shown in the embodiment. Furthermore, constituent elements over different embodiments may be appropriately combined. For example, the mask processing unit 53 described in the second embodiment can be provided in the information access management device 55 according to the third embodiment.

  In this embodiment, the function for carrying out the invention is recorded in advance in the apparatus. However, the present invention is not limited to this, and the same function may be downloaded from the network to the apparatus. May be installed in the apparatus. The recording medium may be any form as long as the recording medium can store the program and can be read by the apparatus, such as a CD-ROM. In addition, the function obtained by installing or downloading in advance may be realized in cooperation with an OS (operating system) inside the apparatus.

1 is a configuration diagram of an information management system according to a first embodiment of the present invention. It is a figure for demonstrating the measuring method of the access position of the terminal device which concerns on the 1st Embodiment of this invention. It is a figure which shows an example of the secure value of the information access management apparatus which concerns on the 1st Embodiment of this invention. It is a figure which shows the detail of a secure value (IDLV value). It is a figure which shows the detail of a secure value (TERM value). It is a figure which shows the detail of a secure value (TIME value). It is a figure which shows the detail of a secure value (ZONE value). It is a flowchart for demonstrating the output method of a positional information. It is a figure which shows an example of an authentication data table. It is a figure which shows an example of an authority transfer data table. It is a figure which shows an example of the policy data table memorize | stored in the security policy memory | storage means which concerns on the 1st Embodiment of this invention. It is a figure which shows the sequence for demonstrating the data access method in the normal time from the terminal device which concerns on the 1st Embodiment of this invention to the information access management apparatus. It is a figure which shows the sequence for demonstrating the data access method at the time of authority transfer of the information access management apparatus which concerns on the 1st Embodiment of this invention. It is a block diagram of the information management system which concerns on the 2nd Embodiment of this invention. It is a block diagram of the information management system which concerns on the 3rd Embodiment of this invention.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1,6 ... User terminal device (terminal device), 2 ... Information processing terminal, 3 ... User recognition part, 4 ... Position sensor part, 5 ... Key management part, 7 ... Network, 8, 52, 55 ... Information access Management device, 9 ... terminal zone, 9a ... zone signal transmitter, 10-13 ... position sensor antenna, 14-17 ... zone, 18 ... document database (data storage means), 19 ... policy data holding unit (security policy storage means) ), 20... Access accepting unit (reception unit), 21. Authority delegation data storage unit (authority delegation data storage unit), 22... Policy comparison / determination unit (information access control unit), 23. Means), 24 ... recognition data holding unit, 25 ... CPU, 26 ... RAM, 27 ... input / output device, 28 ... ROM, 29 ... data processing unit, 30 ... access environment investigation unit ( Access environment investigation means), 31 ... user investigation section (user investigation means), 32 ... access time investigation section, 33 ... access terminal investigation section, 34 ... access right generation section (information access control means), 35 to 39 ... Secure value, 40 ... user ID (user information), 41 ... authority level, 42 ... use permission time zone, 43 ... terminal key, 44 ... presence of authority transfer, 45, 47 ... transfer level, 46 ... transferee ID, 48 ... Delegate ID (Delegate information), 49 ... Request policy, 50 ... Delegation date, 51 ... Delegation time, 53 ... Mask processing unit, 54 ... First network, 56 ... Second network, 57 ... Document server , 58... First data transmission / reception unit, 59... Access switch, 60.

Claims (2)

Data storage means for storing information;
The includes a user information from the terminal device, and location information of the terminal device, a delegation level indicating the rights granted to the other party when delegating the delegator information and rights of the delegator permissions of the user is delegated receiving the first and the authority transfer data, and communication means for sending a notification to the terminal device,
A second authority delegation that can be updated by the first authority delegation data received by the communication means and associates the delegator information of the delegator who delegates the authority, the delegated person information, and the delegation level. Authority delegation data storage means for storing data;
Authentication data holding means for holding authentication data for determining the type of information in the data storage means to be given permission to output based on each element of the terminal, person and place, and authority regarding the operation on this information; ,
User investigation means for examining the authentication data using the user information received by the communication means as an entry key and outputting access authority information indicating whether or not the user of the terminal device is authorized ;
Access environment investigation means for outputting access environment information of the terminal device based on the position information received by the communication means ;
A policy data table comprising a plurality of policy data associated with the access authority information , the access environment information, and a policy for determining in what access environment the delegated person can exercise the delegated authority ; Stored security policy data storage means;
Determination and change of access authority of the user of the terminal device, determination of whether the user information of the user is stored in the authority transfer data storage means, and storage in the data storage means according to the policy data table And information access control means for controlling access to the information,
This information access control means
By receiving a data request from a person whose authority is to be delegated , a comparison is made as to whether or not policy data matching the access authority information and the access environment information is stored in the security policy data storage means. Determining the access authority of input / output to the information of the data storage means of the person to whom the authority is to be delegated ,
It is determined whether or not the delegated person information of the person to whom the authority is to be delegated is stored in the authority delegation data storage means, and the person to whom the authority is to be delegated is stored in the authority delegation data storage means. and in if it was the grantor, the by reading the second authority transfer data stored in the authority transfer data storing means determined for continuing delegation process about to be delegated the authority by the result of the determination information access management unit and changes the access privileges of the person to the delegation level stored in the second authority transfer data. The plurality of policy data is further associated with an identification number for identifying each,
The first authority delegation data includes a request policy that points to the identification number of the policy data and is requested of the delegee;
It said information access control means to determine the conditions for access to the information stored in the data storage means of the user based on the request policy of the second authority transfer data stored in the authority transfer data storage means claim 1 Symbol placement information access management unit and said.

Images