JP4858879B2 - File processing apparatus file processing method and file processing program - Google Patents

Description

  The present invention relates to a technical field such as a file management system capable of preventing information leakage by isolating a file to a remote server and synchronizing with the isolated file.

  Conventionally, in a local personal computer that can be carried such as a notebook personal computer (personal computer), there is a possibility of information leakage if a confidential information file is lost while being stored locally. For this measure, there was a measure such as encrypting all information in the personal computer.

  Alternatively, in the thin client method or the like, confidential information is physically stored in a server, and a file on the server can be virtually operated like a local file on the client side.

  As another countermeasure, the server actually does not change the apparent operation to save locally by hooking the application interface (API) of the operating system (OS) of the personal computer or hooking the device driver. There was also a way to put files on the side.

Note that Patent Document 1 discloses a file management system that can reliably ensure the consistency of files in the entire system without placing an excessive burden on communication when transferring files.
JP-A-6-187226

  However, even if the file is encrypted as described above, there is a case where the file entity is in the lost personal computer, which causes a problem. In the thin client method, there is actually no file on the client side, which hinders the task of creating files locally, and it is necessary to prepare multiple virtual spaces. The machine was expensive because high performance was required.

  In addition, the method of placing a file on the server side without actually saving it locally or changing the apparent operation cannot operate with other applications that operate on the same layer of the API or device driver. There was a problem that although it should be a security product, it cannot be used with other security products.

  In addition, there was a method of comparing the same file between the server and the personal computer and copying the excess and deficiency when synchronizing the file isolated on the server and the local personal computer, but the huge file size is large. There was a demerit that it took time in some cases.

  The present invention has been made in view of the above problems, and efficiently realizes that a file is downloaded from a server before editing and then uploaded to the server again after editing and the file is not left in the information processing apparatus. It is another object of the present invention to provide a file processing apparatus and a file processing program that can prevent confidential information from leaking even if the information processing apparatus is lost without the user being aware of it.

  In order to solve the above-described problem, the invention described in claim 1 is a file processing apparatus for copying a file to a server connected via a network, and an extension of a file to be processed stored in a recording medium If the application associated with is confirmed to be operating and the end of the application is confirmed without copying the processing target file to the server while the application is operating, the processing target file When the file to be processed is copied to the server, and the file to be processed is copied to the server, a reference file is created with the process target file copied to the server as a reference destination, Create a reference file and delete the file to be processed from the recording medium Characterized in that it comprises a stage, a. For example, while referring to the extension of a file in a local disk (an example of a recording medium) of a personal computer (an example of a file processing apparatus) and while the associated application is operating on the memory of the operating system, the file server If it is detected that the application is terminated without copying, the file is copied to the file server, a shortcut file (an example of a reference file) is created on the local disk, and the original file on the local disk is deleted.

  According to a second aspect of the present invention, in the file processing apparatus according to the first aspect, when the reference file is selected by a user, the processing target file is recorded from the server based on the reference file. And an application activation unit that activates an application associated with the acquired file extension.

  The invention according to claim 3 is the file processing device according to claim 1 or 2, wherein the file list is acquired from the server, and the file list is compared with the file list managed by the file processing device. And a reference file creating means for identifying a file not stored in the recording medium and creating a reference file with the identified file as a reference destination. As a result, for example, when the local disk of a personal computer is broken or when a completely new personal computer is used, the information on the list of files already copied to the file server is used. By creating only the shortcut file on the local disk, the environment of the local disk can be easily restored.

  According to a fourth aspect of the present invention, in the file processing device according to any one of the first to third aspects, the file copy control means is an API or device driver of an operating system that operates on the file processing device. Rather, it operates as an extension of a filer that is an application that operates on an operating system.

  According to a fifth aspect of the present invention, in the file processing apparatus according to any one of the first to fourth aspects, the reference file includes an address for accessing the file copied to the server. It is characterized by.

  The invention according to claim 6 is a file processing method in a computer for copying a file to a server connected via a network, the application being associated with an extension of a file to be processed stored in a recording medium. When the application is running, the file to be processed is not copied to the server. When the end of the application is confirmed, the file to be processed is copied to the server. And when the file to be processed is copied to the server, a reference file is created with the file to be processed copied to the server as a reference destination, and the file to be processed is recorded in the server And erasing from the medium.

  As a means for confirming whether the application is operating, the process list is obtained by using the OS process list acquisition API, for example, by acquiring a process list every second and comparing it with the name of the application. Then, there is a means for determining that the application has finished its operation.

  The invention of the file processing program according to claim 7 is such that an application associated with an extension of a file to be processed stored in a recording medium operates on a computer that copies a file to a server connected via a network. A file that copies the processing target file to the server when the end of the application is confirmed without copying the processing target file to the server while the application is running. When the copy control means and the file to be processed are copied to the server, a reference file is created with the process target file copied to the server as a reference destination, and the file to be processed is Reference file creation and file erasing means for erasing from the recording medium; Characterized in that to function Te.

  According to the present invention, it is possible to efficiently realize that the file is downloaded from the server before editing, is uploaded to the server again after editing, and the file is not left in the information processing apparatus. Since the file containing the confidential information is automatically copied to the server and only the reference file is stored on the recording medium, it is possible to prevent leakage of the confidential information even if the information processing apparatus is lost.

  Hereinafter, the best embodiment of the present invention will be described in detail with reference to the drawings.

  First, the configuration and function of a file management system according to an embodiment of the present invention will be described with reference to FIG.

  FIG. 1 is a diagram illustrating a schematic configuration example of a file management system according to the present embodiment.

  As shown in FIG. 1, the file management system includes a server having a file server unit 200 and a personal computer (an example of a file processing apparatus) having a client personal computer unit 01, and the server and the personal computer are connected via a network 100. Thus, mutual data exchange is possible. The network 100 may be either the Internet or a local area network, or may be wired or wireless as long as the functions connect the individual functions of the file server unit 200 and the client personal computer unit 01. In the present embodiment, a personal computer is described as an example of the file processing apparatus. However, the present invention can be applied to, for example, a mobile phone, a PDA (Personal Digital Assistant), and the like.

  Such a file management system automatically copies the files on the local disk in the computer to a remote server, creates a shortcut for the files in the server on the local computer, and deletes the original files on the computer. It is characterized by preventing information leaks, and by creating a shortcut in the local computer based on the remote server's file list, file synchronization between the server and the local computer is facilitated. It is characterized by that.

  Referring to FIG. 1, the client personal computer unit 01 includes an operating system unit 05 having an API unit 051 and a device driver unit 052, and a local disk (hard disk) that stores (stores) files such as a file A.doc061 and a file B.doc062. And an application unit 02 on the operating system unit 05. In the application unit 02, the filer 041, the application A042, and the application B043 are operated. (It works on a general computer such as Microsoft Windows (registered trademark)).

  In such a configuration, the file shadow unit 03 that detects that the user is operating the file A.doc061 and the file B.doc062 in the local disk unit 06 by using the extended function of the filer 041 (in the present invention). The file copy control unit, the reference file creation and file deletion unit, the application activation unit, and the reference file creation unit are realized by the CPU executing the file processing program on the operating system, and the file circulation monitoring unit 031 , An application monitoring unit 032, a file uploading unit 033, a shortcut creating unit 034, a shortcut monitoring unit 035, a file download unit 036, an application activation unit 037, and a server synchronization processing unit 038. .

  Further, the file A.doc.sht061s and the file B.doc.sht062s (an example of a reference file) created by the file shadow unit 03 are stored in the local disk unit 06.

  The client personal computer unit 01 having the local disk unit 06, the operating system unit 05, and the application unit 02 is connected to the network 100.

  The file server unit 200 connected to the network 100 includes a file A.doc061 'and a file B.doc062' copied from the file shadow unit 03 to the file server unit 200.

  In addition, the file server unit 200 has a file A.doc061 ′ or a file B.doc062 ′ copied from the file shadow unit 03 irrespective of whether it has the same function as the local disk unit 06 or the database format. It has a function that can be stored.

  If the general folder format managed by the operating system unit 05 is supported in addition to the files A.doc061 ′ and B.doc062 ′, the files in the local disk unit 06 and the file server unit 200 It is possible to make the folder structure exactly the same. This configuration is omitted from the general file server unit 200 and the operating system unit 05 and is not the essence of the present invention.

  FIG. 2 is a diagram illustrating a configuration example of the file A.doc061 and the file A.doc.sht061s.

  Referring to FIG. 2, the file A.doc061 is composed of an application data file part 0611 and the like in which confidential information is entered, and the file A.doc.sht061s is an address 061s1 (for example, for accessing the file of the file server part 200) , IP address), server name, folder name, and the like.

  Note that “doc” in the file A.doc061 and “sht” in the file A.doc.sht061s are extensions, and these extensions indicate the types of applications such as the application A042 and the application B043 by the operating system unit 05. It is an identifier for linking.

  Next, the operation of the embodiment of the file management system will be described in detail with reference to FIGS.

  3 to 5 are flowcharts showing processing in the client personal computer unit 01.

  First, referring to FIGS. 1, 2, and 3, when a user (user) designates a traveling folder, the file A.doc 061 is copied to the file server unit 200 and the local disk unit 06. An example in which file A.doc061 is deleted from file A.doc.sht061s will be described in detail. In this operation, the user sets the tour timing and the tour folder on the local disk in advance, and when the set time is reached, the tour folder is visited in order, copied to the server, the file on the local disk is deleted, and the shortcut is deleted. Create a file.

  First, the file patrol monitoring unit 031 is set to the patrol target folder of the local disk unit 06 set by the user when the user manually starts from the time set by the user or from the menu displayed on the screen of the file shadow unit 03. The file A.doc061 having the extension “doc” to be copied to the file server unit 200 is detected from the file having the extension set by the user (the file to be processed).

  The type of extension to be searched, the activation time of the file patrol monitoring unit 031, the patrol folder, and the like can be set in advance by the user. At this time, in the present embodiment, the file already shortened with the extension “sht” is excluded from the search target.

  Then, the file tour monitoring unit 031 passes the detected file name of the file A.doc061 to the application monitoring unit 032 (A01).

  Next, in the application monitoring unit 032, the operating system unit 05 uses a general application interface that provides an application associated (linked) with “doc” that is the extension of the file A.doc061. For example, it is recognized that the application A042 is an application corresponding to the file A.doc061, and whether or not the application A042 is currently operating in the application unit 02 on the operating system unit 05 (in other words, It is confirmed (checked) from the application interface of the operating system unit 05 (A02).

  If the application A042 is not operating, the file name of the file A.doc061 is passed to the file upload unit 033 (A03).

  On the other hand, if the application A042 is operating, it waits for the application A042 associated with the file A.doc061 to end and disappear from the application unit 02 on the operating system unit 05 (A04). Here, the operation check of the application A042 is performed again. However, if the check process is frequently performed, the application running on the application unit 02 is affected. .

  Next, the file upload unit 033 transmits the file A.doc061 in the local disk unit 06 to the file server unit 200 via the network 100 and copies the file A.doc061 in the file server unit 200. doc061 'is created (A05). When it is confirmed that the file has been successfully copied, the shortcut creation unit 034 is notified that the file A.doc061 has been copied.

  Next, as a shortcut for the file A.doc061 ′ of the file server unit 200, the shortcut creation unit 034 includes a shortcut file A.doc.sht061s (including information on the address to the file of the file server unit 200 shown in FIG. 2). An example of a reference file is created in the local disk unit 06 (A05).

  Finally, the shortcut creation unit 034 completely deletes (deletes) the file A.doc061 in the local disk unit 06 (A06).

  Here, in the deletion process, in the general file deletion function of the operating system unit 05, the entity of the file A.doc061 remains on the local disk unit 06, and there is a case where only the reference table is deleted. . In such a case, since the entity remains even if it is deleted, it is known that the entity can be recovered with a recovery tool or the like. Therefore, in order to completely delete, the same area on the local disk unit 06 where the file A.doc061 existed is overwritten several times with another data which has no meaning at all. It is desirable to erase. In some cases, the operating system unit 05 has a function for complete deletion.

  The file A.doc.sht061s, which is a shortcut after copying the file A.doc061 to the file server unit 200, is preferably created in the same folder as the file A.doc061 so that the user can easily grasp it. It doesn't matter.

  As described above, in FIG. 1, the file A.doc061 is copied to the file server unit 200 as the file A.doc061 ′, the file A.doc061 is deleted from the local disk unit 06, and the file A.doc. sht061s is created. Subsequently, the file B.doc062 is similarly copied as the file B.doc062 ′ to the file server unit 200 as the object of the present embodiment, the file B.doc062 is deleted from the local disk unit 06, and the file B as a shortcut thereof .doc.sht062s is created. As a result, the files A.doc061 and B.doc062 containing the confidential information are not left in the local disk unit 06, that is, even if the client personal computer unit 01 is lost, the confidential information is not in the personal computer. be able to. In addition, since the file shadow unit 03 exists in the layer of the application unit 02 as viewed from the operating system unit 05, compatibility with the function that operates by hooking the API unit 051 and the device driver unit 052 in the operating system unit 05, etc. There is a merit of being good. That is, the program of the file shadow unit 03 does not hook the API unit 051 or the device driver unit 052, but operates as an extended function of the filer 041 as the application unit 02 of the operating system unit 05.

  Note that the file A.doc061 remains in the local disk unit 06 depending on the timing, such as by disconnecting the connection to the network 100 during copying to the file server unit 200 or turning off the power of the client personal computer unit 01. In some cases. In this case, when the client personal computer unit 01 is activated next time by the patrol function of the file patrol monitoring unit 031, the file is copied to the file server unit 200.

  Further, the setting time, menu, patrol target folder, patrol target extension, etc. of the file patrol monitoring unit 031 described as the premise set by the user are managed by the network management if the user is an employee depending on the company or the like. Generally, it is set according to the contents defined by the security policy of the person or company.

  Although there is a mechanism for collectively managing by a company management server based on a security policy and automatically distributing it to a file processing apparatus or the like, it is omitted because it is not the essence of the present invention.

Next, referring to FIG. 1, FIG. 2, and FIG. 4, when the real file file A.doc061 ′ of the file server unit 200 is downloaded and referenced and edited from the application using the shortcut of the local disk unit 06 Explain in detail
First, due to the functions of the operating system unit 05 or the filer 041, the shortcut monitoring unit 035 of the file shadow unit 03 operating as add-in software of the filer 041 displays the file list screen of the local disk unit 06 displayed by the filer 041. , The user selects the file A.doc.sht061s, which is a shortcut file of the file A.doc061 ', by double-clicking or the return key, etc., acquires the event that was activated, and knows that the file A.doc.sht061s has been activated The file name of the file name file A.doc.sht061s is passed to the file download unit 036 (B01).

  Next, the file download unit 036 refers to the address 061s1 to the file of the file server unit 200 in the file A.doc.sht061s as shown in FIG. Download the file A.doc061 'as the file A.doc061 on the local disk unit 06 (that is, obtain the file to be processed from the file server unit 200 based on the shortcut file), save it, and rename the file A.doc061 It is passed to the application activation unit 037 (B02).

  Next, the application activation unit 037 activates the application A042 associated with the extension “doc” using the file name of the passed file A.doc061 as a parameter (B03).

  Thereafter, the application monitoring unit 032 monitors the end of the associated application A042 for the file A.doc061 as described above, copies it again to the file server unit 200, and deletes it from the local disk unit 06. If there is no shortcut file, processing for creating the file A.doc.sht061s is performed (B04).

  Next, referring to FIG. 1, FIG. 2, and FIG. 5, when the local disk of the client personal computer is broken or when a completely different new personal computer is used, it is already copied to the file server. A method for easily recovering the environment of the local disk by creating only a shortcut on the local disk based on the information of the list of files previously described will be described in detail.

  According to the explanation given so far, it is assumed that the file server unit 200 includes files such as the file A.doc061 ′ and the file B.doc062 ′ that the user has used in the client personal computer unit 01 before. At this time, the file A.doc061, file B.doc062, file A.doc.sht061s, file B.doc.sht062s, etc. does not exist or is broken in the local disk unit 06 of the client personal computer unit 01. It shall be in Further, it is assumed that the file shadow unit 03 is installed in the client personal computer unit 01.

  First, when a user of the client personal computer unit 01 gives an instruction to perform synchronization with the file server unit 200 from a menu on the screen displayed by the file shadow unit 03, the server synchronization processing unit 038 is activated ( C01).

  Next, the server synchronization processing unit 038 acquires a file list of the file server unit 200 via the network 100. If the file server unit 200 is a server that supports the folder format, a list of folders and files is acquired (C02).

  Next, the server synchronization processing unit 038 obtains a file list in the local disk unit 06 (C03).

  Next, the server synchronization processing unit 038 compares the file list of the file server unit 200 with the file list of the local disk unit 06. In this comparison, the file name excluding the extension “sht” of the shortcut of the local disk unit 06 is compared with the file name including the file name or folder name of the file server unit 200, and exists in the local disk unit 06. No, that is, a file that is not stored in the local disk unit 06 is specified, the file name of the specified file is acquired, and is passed to the shortcut creation unit 034 (C04).

  Here, a case where the file A.doc061 ′ is detected as a difference in the file server unit 200 will be described.

  The shortcut creation unit 034 creates a shortcut file A.doc061s with the file A.doc061 'of the file server unit 200 as a reference destination in the local disk unit 06 (C05).

  Next, the shortcut creation unit 034 also detects the file B.doc062 'as a difference, and similarly creates a shortcut file B.doc.sht062s in the local disk unit 06.

  As described above, according to this embodiment, the user double-clicks a file such as the file A.doc061 listed in the filer 041 before the file shadow unit 03 is incorporated, and the application A042 is started. The file A.doc061 is downloaded from the file server unit 200 before editing, and the file A.doc061 is uploaded to the file server unit 200 again after editing. It is realized that it is not left in the local disk unit 06. Further, the confidential file on the local disk unit 06 is automatically copied to the file server unit 200 by patrol without being conscious of the user, and only the shortcut file is stored on the local disk unit 06. Even if lost, it is possible to prevent leakage of confidential information.

  In addition, when the local disk of the client computer is broken or when a completely different new computer is used, the local disk is created based on the list of files already copied to the file server. By creating only a shortcut above, it is possible to easily restore the local disk environment.

1 is a diagram illustrating a schematic configuration example of a file management system according to an embodiment. It is a figure which shows the structural example of file A.doc061 and file A.doc.sht061s. 4 is a flowchart showing processing in the client personal computer unit 01. 4 is a flowchart showing processing in the client personal computer unit 01. 4 is a flowchart showing processing in the client personal computer unit 01.

Explanation of symbols

01 Client PC Unit 02 Application Unit 03 File Shadow Unit 031 File Tour Monitoring Unit 032 Application Monitoring Unit 033 File Upload Unit 034 Shortcut Creation Unit 035 Shortcut Monitoring Unit 036 File Download Unit 037 Application Start-up Unit 038 Server Synchronization Processing Unit 041 Filer 041
042 Application A
043 Application B
05 Operating system section 051 API section 052 Device driver section 06 Local disk section 100 Network 200 File server section

Claims (6)

A file processing apparatus for copying a file to a server connected via a network,
Check whether the application associated with the extension of the processing target file stored in the recording medium is operating, do not copy the processing target file to the server while the application is operating, A file copy control means for copying the file to be processed to the server when the termination of the application is confirmed;
When the processing target file is copied to the server, a reference file is created with the processing target file copied to the server as a reference destination, and the processing target file is deleted from the recording medium. A reference file creation and file deletion means;
A file list is acquired from the server, the file list is compared with a file list managed by the file processing apparatus, a file not stored in the recording medium is identified, and the identified file is referred to as a reference destination. A reference file creation means for creating a reference file to be
A file processing apparatus comprising: The file processing apparatus according to claim 1,
An application that, when the reference file is selected by the user, acquires the file to be processed from the server on the recording medium based on the reference file, and starts an application associated with the extension of the acquired file A file processing apparatus further comprising an activation unit. The file processing apparatus according to any one of claims 1 to 2 ,
The file copy control unit operates not as an API or device driver of an operating system that operates on the file processing apparatus but as a function extension of a filer that is an application that operates on the operating system. The file processing apparatus according to any one of claims 1 to 3 ,
The file processing apparatus, wherein the reference file includes an address for accessing the file copied to the server. A file processing method in a computer included in a file processing apparatus for copying a file to a server connected via a network,
Check whether the application associated with the extension of the processing target file stored in the recording medium is operating, do not copy the processing target file to the server while the application is operating, Copying the file to be processed to the server when confirming termination of the application; and
When the processing target file is copied to the server, a reference file is created with the processing target file copied to the server as a reference destination, and the processing target file is deleted from the recording medium. Steps,
A file list is acquired from the server, the file list is compared with a file list managed by the file processing device, a file not stored in the recording medium is identified, and the identified file is referred to as a reference destination. A reference file creation step for creating a reference file to be performed;
A file processing method comprising: A computer included in a file processing apparatus that copies a file to a server connected via a network,
Check whether the application associated with the extension of the processing target file stored in the recording medium is operating, do not copy the processing target file to the server while the application is operating, A file copy control means for copying the file to be processed to the server when the termination of the application is confirmed; and
When the processing target file is copied to the server, a reference file is created with the processing target file copied to the server as a reference destination, and the processing target file is deleted from the recording medium. Reference file creation and file deletion means,
A file list is acquired from the server, the file list is compared with a file list managed by the file processing device, a file not stored in the recording medium is identified, and the identified file is referred to as a reference destination. A file processing program that functions as reference file creation means for creating a reference file to be created .

Images