JP4943751B2 - Electronic data access control system, program, and information storage medium - Google Patents

Description

  The present invention relates to an electronic data access control system, a program, and an information storage medium.

Conventionally, there has been a technology that combines a position detection function and data display. Patent Document 1 is given as a reference example. In Patent Document 1, when there is a connection request from a mobile terminal, the user's authentication information and location information are acquired from the mobile terminal, and the information providing server confirms the information access right based on these information, It is described that predetermined information is transmitted to a mobile terminal.
JP 2004-320617 A

  In an office environment open to a third party, there is a possibility that the third party can see confidential data. Therefore, some kind of security measures are required, but it is difficult to apply full security in an open office environment.

  In the prior art, since the browsing file itself is not restricted, once downloaded, there is a possibility that it will be browsed by unauthorized persons.

  In addition, there is a problem that there is no means for preventing browsing when a file leaks due to a virus or the like.

  The present invention has been made in view of the above points, and an object thereof is to provide an electronic data access control system, a program, and an information storage medium that can be accessed only by an authorized person at an authorized place. There is to do.

(1) The present invention
An electronic data access control system,
A storage unit that stores access authority information related to an access permission condition of electronic data in which access authority is set in association with user identification information and position information;
An electronic file storage unit for storing an electronic file including electronic data to which the access authority is set;
A current position information acquisition unit for acquiring current position information of a user under system control in association with user identification information;
A personal authentication processing unit for performing personal authentication on the user identification information of the accessor to the electronic data for which the access authority is set;
For the electronic data to which the access authority is set, based on the user identification information obtained by authenticating the user, the current position information obtained in association with the user identification information, and the access authority information set in the electronic data. An access authority determination unit that determines access authority to the electronic data permitted to
An electronic data access processing unit that performs an access process on the electronic data stored in the electronic file storage unit, based on the access authority for the electronic data permitted to the access owner determined by the access authority determination unit;
Including
The electronic file storage unit
The electronic data is encrypted and stored;
The access authority determination unit
Perform processing to provide a decryption key for encrypted electronic data based on the determined access authority,
The electronic data access processing unit
The present invention relates to an electronic data access control system that performs decryption based on a provided decryption key and then performs access processing on the electronic data based on the permitted access authority.

  The present invention also relates to a program that causes a computer to function as each of the above-described units. The present invention also relates to a computer-readable information storage medium that stores (records) a program that causes a computer to function as each unit.

  The user identification information is information for specifying which user, for example, a user name or a user identification ID.

  Electronic data in which access authority is set in association with user identification information and location information is not only the case in which access authority is set in association with user identification information itself, but also user attributes that can be associated with user identification information Etc. (information that can be identified from user identification information such as the department to which the user belongs) is also included.

  The current position information acquired in association with the user identification information may be the user's own position information corresponding to the user identification information, the terminal position information corresponding to the user identification information, or both.

  Further, the current position information received by the current position information acquisition unit may be a coordinate value representing the position of the user, or area information specifying the area to which the user position belongs.

  The user's current position information only needs to be acquired by some means. For example, an electronic tag with a transmission function worn by the user (for example, transmitting user identification information by RFID) and a wireless receiver installed in each area Etc., for example, using an ID card (user identification information is stored) possessed by the user and an ID card reader installed in each area. May be.

  The personal authentication is a mechanism for assuring that the accessing person is the person. For example, a configuration may be adopted in which the user authentication is performed by inputting a registered password for the user identification information. Further, for example, a configuration may be adopted in which personal authentication is performed by inputting a fingerprint, a voiceprint, or the like registered for user identification information.

  The access authority determination unit determines access authority at a predetermined timing. For example, the access authority may be determined at the timing of reading electronic data. The access authority may be determined when a change in the location of the accessor is detected or when an authentication request is received again.

  The electronic data access control system of the present invention is configured such that the server device acquires the current position information of the user and determines the access authority of the file in the client terminal based on the current position information, the user identification information, and the access authority information. It may be realized as a system.

  In addition, the electronic data access control system of the present invention enables communication between a client terminal that accesses electronic data and a server device that acquires location information and determines access authority based on the location information and user identification information via a network. You may implement | achieve as a system of the structure comprised by these.

  In that case, a current position information acquisition unit may be provided in the server device, the user position information may be stored in association with the user identification information, and updated if there is a change.

  When access authority is set in association with user attributes, etc. that can be associated with the electronic data from the user identification information, the server device stores the association information regarding the user identification information and the attribute information to which the user belongs. You may do it.

  Further, the electronic data is stored in the client terminal, and the server device may perform access authority determination for the electronic data access processing performed in the client terminal and access permission control according to the determination result.

  In the electronic data of the present invention, the access right determined by the combination of the user identification information (which user) or the user's attribute (which user has which attribute) and the position (currently where) is set. , You can not access without the right access.

  In the present invention, when access is made, access authority is determined based on the current location of the user (or terminal) and user authentication information.

  Accordingly, when access is not possible, a system capable of controlling access to electronic data by combining user authentication and user (or terminal) location authentication by performing control to disable access to electronic data. Can be provided.

  Accordingly, it is possible to provide an electronic data access control system in which an authorized person can access electronic data only at an authorized place.

  Further, in the present invention, security can be ensured without restricting the download itself, so file distribution with security can be ensured. This is because even if downloaded, it cannot be decrypted without the access authority permitted by the personal authentication or the location authentication. As described above, even if an unauthorized person takes out electronic data, it cannot be decrypted, so that there is an effect that unauthorized access and information leakage are unlikely to occur.

  Performing access processing for the electronic data based on the access authority means that a user who does not have access authority cannot perform access processing for the electronic data.

  According to the present invention, the access processing for the electronic data is performed based on the access authority determined by the access authority determination unit, so that the authorized person performs the electronic data access process that can access the electronic data only at the authorized location. be able to.

  The electronic data access control system of the present invention can communicate via a network with a client terminal that accesses electronic data and a server device that obtains location information and determines access authority based on location information and user identification information. When realized as a system configured as described above, the electronic file storage unit and the electronic data access processing unit may be provided in the client terminal.

  Providing a decryption key for electronic data encrypted based on the access authority means, for example, providing a decryption key for electronic data when there is an access authority.

  Since the electronic data is encrypted and stored, the contents cannot be browsed only by having the electronic data. According to the present invention, the encrypted electronic data cannot be decrypted when there is no access authority. Therefore, even if an unauthorized person takes out the electronic data, it cannot be decrypted. An access control system can be provided.

(2) In the electronic data access control system, program and information storage medium according to the present invention,
The electronic data access processing unit
An access authority determination unit is made an authentication request for access authority, and based on the access authority determination information received in response to the authentication request, an access process is performed on the electronic data stored in the electronic file storage unit,
The access authority determination unit
When an access authority authentication request is received, the access authority for the electronic data permitted by the accessor is determined, and access authority determination information is sent to the electronic data access processing unit.

  According to the present invention, it is possible to perform electronic data access control with an access authority corresponding to the location information of the main user accessing at the timing of making an authentication request.

  Therefore, for example, by setting the authentication request to be performed when reading electronic data or detecting a change in the location of the access owner, an electronic device that reflects the access authority that changes according to the change in the location of the access owner in real time. Data access control can be performed.

  The electronic data access control system of the present invention enables communication between a client terminal that accesses electronic data and a server device that acquires location information and determines access authority based on location information and user identification information via a network. When realized as a system having a configured configuration, an electronic data access processing unit may be provided in the client terminal, and an access authority determining unit may be provided in the server device.

(3) In the electronic data access control system, program and information storage medium according to the present invention,
The electronic file storage unit
Encrypted electronic data encrypted with the first key, access authority information of the electronic data encrypted with a key other than the first key in association with the encrypted electronic data, and other than the first key Storing information relating to the decryption key of the electronic data encrypted with the key of
The electronic data access processing unit
When making an authentication request, send information on the encrypted access authority information and the decryption key of the encrypted electronic data,
The access authority determination unit
It holds a decryption key for decrypting the encrypted access authority information and the information related to the encrypted decryption key, and decrypts the access authority information and the information related to the decryption key of the electronic data based on the decryption key. And

  The encryption of the electronic data by the first key may be performed by the creator of the electronic data, for example. As the first key, a common key used in common for encryption and decryption may be used. When a common key is used as the first key, the decryption key for the electronic data is the first key.

  For example, the creator of the electronic data may perform encryption using a key other than the first key of the access authority information and the decryption key of the electronic data. The key other than the first key is, for example, a public key published by the access authority determining unit, and the access authority determining unit decrypts the encrypted access authority information and the information related to the encrypted decryption key. The decryption key may be held as a secret key.

  According to the present invention, the access authority information and the decryption key are read only by the access authority determination unit because the access authority information and the decryption key are present only in the access authority determination unit. I can't.

(4) In the electronic data access control system, program and information storage medium according to the present invention,
In the access authority information, presence or absence of access authority is set according to the type of access to electronic data,
The access authority determination unit
For the electronic data in which the presence or absence of access authority is set according to the type of access, the user identification information obtained by authenticating the user, the current location information obtained in association with the user identification information, and the electronic data set in the electronic data Based on the access authority information, determine an access authority for a given type of access to the electronic data of the accessor,
The electronic data access processing unit
About the given type of access to the electronic data stored in the electronic file storage unit based on the access right for the given type of access to the electronic data permitted by the access owner determined by the access right determination unit The access processing is performed.

  Access types include, for example, browsing, writing (updating), copying (duplicating, partial copying, screen copying, hard copying, etc.), printing, saving a file by another name, changing file access authority, and the like. According to the present invention, it is possible to set access authority in association with user authentication information and location for each type for different types of access.

  For example, an access right for browsing the file, an access right for writing to the file, an access right for printing the file, an access right for copying the wording of the file, and the like are set.

  Therefore, even with one piece of electronic data, different authority settings can be set according to the type of access, and appropriate access control according to the type of access can be performed.

(5) In the electronic data access control system, program and information storage medium according to the present invention,
The access authority determination unit
Determining whether or not the current position information obtained in association with the user identification information of the accessor who is accessing the electronic data satisfies a preset position change condition;
When the location change condition is satisfied, for the electronic data to which the access authority is set, the user identification information obtained by authenticating the user, the current location information after the change obtained in association with the user identification information, and the Based on the access authority information set for the electronic data, the access authority for the electronic data permitted by the accessor is re-determined.

  According to the present invention, the access authority can be changed in real time according to a change in the position of the user.

(6) In the electronic data access control system, program and information storage medium according to the present invention,
Control that causes re-authentication of the access right of the electronic data being accessed when the current position information obtained in association with the user identification information of the accessing person who is accessing the electronic data satisfies a preset position change condition And a re-authentication control unit that performs the above.

  The electronic data access control system of the present invention enables communication between a client terminal that accesses electronic data and a server device that acquires location information and determines access authority based on location information and user identification information via a network. When realized as a configured system, the current position information obtained by the access authority determination unit provided in the server device in association with the user identification information of the accessor who is accessing the electronic data is preset. When the location change condition is satisfied, a location change notification signal is generated and transmitted to the client terminal via the network, and the re-authentication control unit provided in the client terminal receives the location change notification signal via the network. In such a case, control is performed to re-authenticate the access right of the electronic data being accessed. It may be.

(7) In the electronic data access control system, program and information storage medium according to the present invention,
The access authority determination unit
Whether the current location information acquired in association with the user identification information of the accessor who is accessing the electronic data and the current location information acquired in association with the user identification information of another user satisfy the preset access right change condition Determine whether
When the access right changing condition is satisfied, the access right is temporarily changed.

  For example, the distance between multiple users is calculated from the acquired user position, and the distance between the accessing user and another user is closer than a certain threshold, or there is another user in the same area as the accessing user. In some cases, it may be determined that the access right change condition is satisfied.

  According to the present invention, access authority can be changed when another user approaches the accessing user. Accordingly, it is possible to prevent a situation (shoulder hacking) in which electronic data is seen by other users nearby while the user is accessing.

(8) In the electronic data access control system, program and information storage medium according to the present invention,
The access authority determination unit
The access owner who is accessing the electronic data and another user whose access authority level is lower than that of the access owner are in a predetermined positional relationship, or the other user exists in a predetermined area. To determine whether or not the first access right change condition set for detecting the case to be satisfied,
When the first access authority change condition is satisfied, the electronic data for which the access authority is set are obtained by associating the user identification information obtained by authenticating the identity of the other user and the user identification information. Based on the location information and the access authority information set for the electronic data, the access authority for the electronic data granted to other users is determined and temporarily changed to the determined access authority of the other users. Features.

  “Temporarily” refers to a period of time or until the positional relationship changes.

  According to the present invention, when the user A who has the appropriate access right is browsing the electronic data, when another user B who has the access right lower than the user A approaches, The access right can be switched to the level of another user B.

(9) In the electronic data access control system, program and information storage medium according to the present invention,
The access authority determination unit
The access owner who is accessing the electronic data and another user who has a higher access authority for the electronic data than the access owner have a predetermined positional relationship, or the other user exists in a predetermined area. Determine whether or not the second access right change condition set for detecting the case to be satisfied,
When the second access authority change condition is satisfied, the electronic data for which the access authority is set are obtained by associating the user identification information obtained by authenticating the identity of the other user with the user identification information. Based on the location information and the access authority information set for the electronic data, the access authority for the electronic data granted to other users is determined and temporarily changed to the determined access authority of the other users. Features.

  “Temporarily” refers to a period of time or until the positional relationship changes.

  According to the present invention, when a user A having an appropriate access right is browsing electronic data, when another user C having an access right higher than his / her own approaches, the access is temporarily made. The right can be switched to the level of another user C.

(10) In the electronic data access control system, the program, and the information storage medium according to the present invention,
The access authority determination unit
When changing the access authority for electronic data to a level higher than the present level, it is determined whether or not the access can be changed based on a predetermined condition, and the access authority is changed only when it is determined that the access can be changed.

  According to the present invention, it is possible to strengthen security measures when changing the access right to a level higher than that of the accessor.

(11) In the electronic data access control system, program and information storage medium according to the present invention,
The access authority information includes permission conditions for changing access authority information for electronic data,
The access authority determination unit
Based on permission conditions for changing the access authority set in the access authority information of the electronic data, it is determined whether the access authority of the electronic data can be changed.

  By predetermining the conditions for changing the access right to a level higher than that of the accessor as access right information, appropriate security guards can be applied according to the contents of the electronic data.

(12) In the electronic data access control system, program and information storage medium according to the present invention,
A means for receiving an access permission command from a terminal of a user having higher access authority than an accessor who is accessing the electronic data;
The access authority determination unit
Based on the received access permission command, it is determined whether or not the access authority level of the electronic data can be changed.

  When changing the access right to a level higher than that of the accessor, by obtaining permission from a user with a high access level, it is possible to apply an appropriate security guard according to the situation.

(13) In the electronic data access control system, program and information storage medium according to the present invention,
It further includes a message output processing unit for performing a process of outputting a message for notifying the occurrence of the event when an event causing the change of the access authority occurs during the access.

  The message may be output as text or a message image on the screen, or may be output in the form of a warning sound or the like.

  From the viewpoint of preventing shoulder hacking and the like, it is preferable to notify by a message when a person with low access rights approaches. When the first access authority change condition is satisfied, it is preferable to output a message for notifying that an event that satisfies the first access authority change condition has occurred.

(14) In the electronic data access control system, program and information storage medium according to the present invention,
An access cancellation control unit that performs control to cancel the access of the electronic data being accessed when the access authority is changed is included.

  The access cancellation process means a process for ending the currently performed access process or a process for ending the application program for the access process.

(15) The present invention provides:
An electronic data access control system,
A storage unit that stores access authority information related to an access permission condition of electronic data in which access authority is set in association with user identification information and position information;
A current position information acquisition unit for acquiring current position information of a user under system control in association with user identification information;
A personal authentication processing unit for performing personal authentication on the user identification information of the accessor to the electronic data for which the access authority is set;
For the electronic data to which the access authority is set, based on the user identification information obtained by authenticating the user, the current position information obtained in association with the user identification information, and the access authority information set in the electronic data. An access authority determination unit that determines access authority to the electronic data permitted to
Related to an electronic data access control system.

  The present invention also relates to a program that causes a computer to function as each of the above-described units. The present invention also relates to a computer-readable information storage medium that stores (records) a program that causes a computer to function as each unit.

(16) The present invention provides:
An authority determination system,
A storage unit for storing program execution authority information related to a program execution permission condition in which program execution authority is set in association with user identification information and position information;
A current position information acquisition unit for acquiring current position information of a user under system control in association with user identification information;
A user authentication processing unit for performing user authentication on the user identification information of the execution instruction main person for the program for which the program execution authority is set;
For the program for which the program execution authority is set, based on the user identification information obtained by authenticating the user, the current position information obtained in association with the user identification information, and the program execution authority information set for the program. A program execution authority limit determination unit for determining the program execution authority of the execution instruction main body;
It is related with the authority determination system characterized by including.

  The present invention also relates to a program that causes a computer to function as each of the above-described units. The present invention also relates to a computer-readable information storage medium that stores (records) a program that causes a computer to function as each unit.

  Hereinafter, this embodiment will be described. In addition, this embodiment demonstrated below does not unduly limit the content of this invention described in the claim. In addition, all the configurations described in the present embodiment are not necessarily essential configuration requirements of the present invention.

1. Configuration of the Embodiment FIG. 1 is a diagram for explaining an example of the configuration of the electronic data access control system of the embodiment.

  The electronic data access control system 1 of the present embodiment includes a server device 100 of the electronic data access control system and an information terminal (hereinafter referred to as “client terminal”) 20 through which a user accesses electronic data.

  As means for detecting the current position of the user 32, the wireless transmitter 30 possessed by each user 32 and the transmission information (user identification information and the like are transmitted) from each user's wireless transmitter 30 are received. , Wireless receiver 1 (40-1),..., Wireless receiver n (40-n) may be installed. The wireless transmitter 30 and the wireless receiver 1 (40-1),..., The wireless receiver n (40-n) are, for example, Bluetooth, PHS, wireless LAN, Internet (for example, i-mode (registration of a mobile phone)) Trademarks)) or the like can be connected via a wireless network 12.

  The server apparatus 100, the client terminal 20, the wireless receiver 1 (40-1),..., The wireless receiver n (40-n) are connected via a network 10 such as a LAN or the Internet. The transmission line of the network 10 may include a wireless transmission line or may be connected by a wired transmission line. Further, a general line may be used or a dedicated line may be used.

  The client terminal 20 stores electronic data to which access authority is set in association with the user identification information and location information, and accesses the electronic data to which access authority is set by an access request from the user 32 according to the access authority. Processing (viewing, writing (updating), copying (duplicating, partial copying, screen copying, hard copying, etc.), printing, saving a file by another name, changing file access authority, etc.). Since the access authority is given when the user identification information, the attribute information, and the current position information satisfy a predetermined condition, the authorized user can access only at the authorized place.

  In addition, the client terminal 20 may perform personal authentication on the user identification information of the accessor for the electronic data for which access authority is set. The personal authentication is a mechanism for assuring that the accessing person is the person. For example, a configuration may be adopted in which the user authentication is performed by inputting a registered password for the user identification information. Further, for example, a configuration may be adopted in which personal authentication is performed by inputting a fingerprint, a voiceprint, or the like registered for user identification information.

  The personal authentication may be performed in cooperation between the client terminal 20 and the server device 100. For example, passwords, fingerprints and voiceprints may be input on the client terminal side, and registration data (passwords, fingerprints and voiceprints) for comparison with these may be stored on the server side. The client terminal may be configured to download registration data from the server and perform comparison processing for authentication, or the input data such as passwords, fingerprints, and voiceprints may be sent to the server device 100 for authentication by the server device 100. A configuration for performing the comparison process may be used.

  The server device 100 functions as a position detection server 102, an authentication server 104, and a database 150.

  The position detection server 102 receives information received by the wireless receiver 1 (40-1), ..., wireless receiver n (40-n) disposed in each area via the network 10, and receives the received information. Information of the current position of the user is acquired based on the above, and a change in access authority accompanying a change process of the user current position information in the user database 150 or a change in the position of the user during electronic data access is detected.

  The authentication server 104 includes, for the electronic data to which the access authority is set, user identification information obtained by authenticating the user, current position information obtained in association with the user identification information, and access authority information set in the electronic data. Based on the above, the access authority is determined to determine the access authority for the electronic data permitted by the accessor.

  For example, when access is made to electronic data for which access authority is set in the client terminal 20, the client terminal 20 may make an authentication request for access authority to the authentication server 104 via the network 10. . When the authentication server 104 receives the access authority authentication request via the network 10, the authentication server 104 determines the access authority for the electronic data permitted by the accessor, and transmits the access authority determination information to the client terminal 20 via the network 10. You may make it do. Then, the client terminal 20 may perform access processing on the electronic data stored in the electronic file storage unit based on the access authority determination information corresponding to the authentication request received through the network 10.

  A method for detecting the current position will be described.

  For example, an ultrasonic transmitter is used as the wireless transmitter 30, and the ultrasonic receivers are arranged at predetermined intervals in the office as the wireless receiver 1 (40-1), ..., wireless receiver n (40-n). To do. The arrangement interval of the wireless receivers is appropriately set based on the ultrasonic wave receivable range. For example, if the ultrasonic wave receivable range is about 10 m, the wireless receivers may be arranged at intervals of about 10 m. Then, the position information of the given radio transmitter may be calculated based on the time difference when a plurality of radio receivers receive signals transmitted from the given radio transmitter.

  Also, an area is set in association with the access authority area set in the electronic data in the office where the user works, and the wireless receiver 1 (40-1),..., Wireless receiver n (40- n) may be installed. Here, when the receivable area of the transmission data of the wireless transmitter 30 is set to be limited to the area, the area where the user is present can be detected depending on which wireless receiver has received.

  The wireless transmitter 30 may include a wireless transmission unit, an ID storage unit, a power supply unit, an antenna, and the like, and may transmit user identification information stored in the ID storage unit using infrared rays, ultrasonic waves, or the like.

  The wireless receiver 1 (40-1),..., The wireless receiver n (40-n) includes a wireless reception unit, a communication unit, an antenna, and the like, and is transmitted from the wireless transmitter 30 within a predetermined range. Receive data.

  Note that the wireless transmitter 30 may be incorporated into, for example, a name plate or ID card possessed by the user, and may be realized by, for example, an oscillation tag (RFID or the like) or a non-contact type IC card.

  Here, the non-contact type IC card is an IC card with a built-in chip that reads data without bringing the card terminal and the machine terminal into contact with each other. Exchange data wirelessly. A coil serving as an antenna is built in the card, and data can be exchanged by wireless communication when the card is held over a magnetic field generated from a reader / writer of a reader.

  When a non-contact type IC card is used as the radio transmitter 30, the radio receiver 1 (40-1), ..., the radio receiver n (40-n) uses a non-contact type data reader. Can be configured. In this case, the wireless receiver 1 (40-1), ..., wireless receiver n (40-n), which is a non-contact type data reader, reads the user identification information stored in the non-contact type IC card. become. Therefore, in each area, the wireless receiver 1 (40-1),...,. The user's current position may be determined based on whether the user has read the data.

2. Configuration of Server Device FIG. 2 is an example of a functional block diagram of the server device 100 of the electronic data access control system of this embodiment. Note that the functions of the server apparatus 100 of the system described below may be executed by being physically distributed among a plurality of computers, for example.

  The server device 100 of the electronic data access control system includes a host computer 120 and a database 150.

  The host computer 120 includes a processing unit 130, a storage unit 122, an information storage medium 126, and a transmission / reception unit 124.

  The transmission / reception unit 124 exchanges data with the client terminal 20 and the database 150 and has both a transmission function and a reception function. However, the transmission / reception unit 124 may be distributed between the transmission unit and the reception unit to realize the transmission / reception function.

  The storage unit 122 serves as a work area for the processing unit 130, the transmission / reception unit 124, and the like, and its functions are realized by hardware such as a RAM.

  The processing unit 130 determines which terminal has transmitted the request based on the received processing request and what kind of processing request it performs, and performs various processing. The function of the processing unit 130 is hardware (CPU, DSP, etc.). This is realized by a combination of an ASIC such as a processor or a gate array) and a program (game program, firmware, or the like). However, all the functions of the processing unit 130 may be realized by hardware, or all of them may be realized by a program.

  The processing unit 130 includes a current position information acquisition unit 132 and an access authority determination unit 134.

  The current position information acquisition unit 132 acquires the current position information of the user under system control in association with the user identification information. 1 so as to obtain the current position information of the user in association with the user identification information based on the information received from the wireless receiver n (40-n). It may be.

  The access authority determination unit 134, for the electronic data for which the access authority is set, the user identification information obtained by authenticating the user, the current position information obtained in association with the user identification information, and the access set for the electronic data Based on the authority information, a process of determining an access authority for the electronic data permitted by the accessor is performed.

  The function as the position detection server 102 (see FIG. 1) can be realized by the current position information acquisition unit 132.

  In addition, upon receiving an access authority authentication request, the access authority determining unit 134 may determine an access authority for the electronic data permitted by the accessor, and transmit access authority determination information to the client terminal.

  Further, the access authority determination unit 134 may perform a process of providing a decryption key for electronic data encrypted based on the determined access authority.

  The access authority determination unit 134 also holds a decryption key for decrypting the encrypted access authority information and the information related to the encrypted decryption key, and based on the decryption key, the access authority information and the electronic data decryption key The information regarding may be decoded.

  The access authority determination unit 134 includes, for electronic data in which presence / absence of access authority is set according to the type of access, user identification information obtained by authenticating the user, current position information obtained in association with the user identification information, The access authority for a given type of access to the electronic data of the accessor may be determined based on the access authority information set in the electronic data.

  The access authority determination unit 134 determines whether or not the current position information obtained in association with the user identification information of the accessor who is accessing the electronic data satisfies a preset position change condition, and satisfies the position change condition. In the case of the electronic data for which the access authority is set, the user identification information obtained by authenticating the user, the changed current position information obtained in association with the user identification information, and the electronic data are set. Based on the access authority information, the access authority for the electronic data permitted by the accessor may be determined again.

  The access authority determining unit 134 sets the current position information acquired in association with the user identification information of the accessor who is accessing the electronic data and the current position information acquired in association with the user identification information of another user in the preset access. It is determined whether or not the right change condition is satisfied, and when the access right change condition is satisfied, the access right may be temporarily changed.

  The access authority determination unit 134 is configured when the access owner who is accessing the electronic data and another user whose access authority is lower than the access owner have a predetermined positional relationship or the other It is determined whether or not the first access right change condition set for detecting the case where the user exists in a predetermined area is satisfied. When the first access right change condition is satisfied, the access right is With respect to the set electronic data, based on the user identification information obtained by authenticating the identity of the other user, the current location information obtained in association with the user identification information, and the access authority information set in the electronic data The access authority for the electronic data that is granted to other users is determined, and the access authority for the determined other users is temporarily changed. It may be so.

  The access authority determining unit 134 is configured when the access owner who is accessing the electronic data and another user whose access authority is higher than the access owner have a predetermined positional relationship or the other It is determined whether or not the second access right change condition set for detecting the case where the user exists in the predetermined area is satisfied. If the second access right change condition is satisfied, the access right is With respect to the set electronic data, based on the user identification information obtained by authenticating the identity of the other user, the current location information obtained in association with the user identification information, and the access authority information set in the electronic data The access authority for the electronic data that is granted to other users is determined, and the access authority for the determined other users is temporarily changed. It may be so.

  When changing the access authority for electronic data to a higher level than the current level, the access authority determination unit 134 determines whether or not the access can be changed based on a predetermined condition, and changes the access authority only when it is determined that the access can be changed. You may make it do.

  The access authority determination unit 134 may determine whether or not the access authority of the electronic data can be changed based on the permission condition for changing the access authority set in the access authority information of the electronic data.

  The access authority determination unit 134 may determine whether or not the access authority level of the electronic data can be changed based on the received access permission command.

  The access authority determination unit 134 can realize a function as the authentication server 104 (see FIG. 1).

  An information storage medium (storage medium usable by a computer) 126 stores information such as programs and data, and functions thereof are an optical disk (CD, DVD), a magneto-optical disk (MO), a magnetic disk, and a hard disk. It can be realized by hardware such as a magnetic tape or a memory (ROM).

  The processing unit 130 performs various processes of the present invention (this embodiment) based on information stored in the information storage medium 180. That is, the information storage medium 126 stores information (program or data) for executing the means of the present invention (this embodiment) (particularly, the blocks included in the processing unit 110).

  The other functions described above can also be realized by reading information from the information storage medium 126.

  The program, data, and the like stored in the information recording medium 126 may be partially or entirely received via a transmission medium such as a network line. In other words, the host computer 120 receives the program, data, etc. in the form embodied in a carrier wave from a predetermined host terminal device or the like via the network instead of the information storage medium 126 and performs the various functions described above. It can also be realized.

  The database 150 includes a transmission / reception unit 152 that transmits / receives data to / from the host computer 120, and an information storage unit 160 that stores user identification information 162 and user position information 164 in a usable state. 400 (see FIG. 3).

  The information storage unit 160 is a CPU-readable storage medium such as a magnetic or optical recording medium or a semiconductor memory, and is realized by, for example, a RAM, a hard disk (magnetic disk), a flexible disk, a CD-ROM, or the like.

  The user attribute information 162 stores information related to user attributes (for example, a department to which the user belongs, members, etc.) in association with the user identification information.

  In the user position information 164, information related to the current position of the user (for example, an area where the user exists) is stored in association with the user identification information.

3. User Information Database FIG. 3 is a diagram for explaining the user information database.

  In association with a user name (user identification information) 410, the user information database 400 stores a member (an example of attribute information) 420 to which the user belongs and an area (position information) 430 where the user is currently located. Note that the information in the area 430 is updated in real time with the position information acquired by the current position acquisition unit.

4). Configuration of Client Terminal FIG. 4 is an example of a functional block diagram of the client terminal 20 of the present embodiment. Note that the client terminal 20 of the present embodiment does not have to include all the components (each unit) in FIG. 4 and may have a configuration in which some are omitted.

  The operation unit 260 is for inputting user operations and the like as data, and the function can be realized by hardware such as a keyboard and a mouse.

  The storage unit 270 serves as a work area for the processing unit 200, the communication unit 296, and the like, and its function can be realized by hardware such as a RAM.

  The storage unit 270 includes an electronic file storage unit 272.

  The electronic file storage unit 272 stores electronic data in which access authority is set in association with user identification information and position information.

  Also, the electronic file storage unit 272 accesses the encrypted electronic data encrypted with the first key and the electronic data encrypted with a key other than the first key in association with the encrypted electronic data. You may make it memorize | store the information regarding the authority information and the decryption key of the said electronic data encrypted with keys other than a 1st key.

  Note that the access authority information may store electronic data in which presence or absence of access authority is set according to the type of access to the electronic data.

  The information storage medium 280 (a computer-readable medium) stores programs, data, and the like, and functions as an optical disk (CD, DVD, etc.), magneto-optical disk (MO), magnetic disk, hard disk, magnetic It can be realized by hardware such as a tape or a memory (ROM).

  The information storage medium 280 stores auxiliary data (additional data) for a program that causes a computer to function as each unit of the present embodiment.

  The processing unit 200 performs various processes of the present embodiment based on a program (data) stored in the information storage medium 280, data read from the information storage medium 280, and the like. That is, the information storage medium 280 stores a program for causing a computer to function as each unit of the present embodiment (a program for causing a computer to execute processing of each unit).

  The display unit 290 outputs an image generated according to the present embodiment, and functions thereof are a CRT display, an LCD (liquid crystal display), an OELD (organic EL display), a PDP (plasma display panel), and a touch panel display. It can be realized by hardware such as.

  The sound output unit 292 outputs the sound generated by the present embodiment, and its function can be realized by hardware such as a speaker or headphones.

  The communication unit 296 performs various controls for communicating with the outside (for example, a server device or another terminal), and functions thereof are hardware such as various processors or communication ASICs, It can be realized by a program.

  Note that a program (data) for causing a computer to function as each unit of the present embodiment is transferred from the information storage medium included in the host device (server device) to the information storage medium 280 (or storage unit 270) via the network and communication unit 296. You may make it deliver. Use of the information storage medium of such a host device (server device or the like) can also be included in the scope of the present invention.

  The processing unit 200 (processor) performs file browsing, updating, creation processing, display control processing, and the like based on operation data and programs from the operation unit 260. The processing unit 200 performs various processes using the storage unit 270 as a work area. The functions of the processing unit 200 can be realized by hardware such as various processors (CPU, DSP, etc.), ASIC (gate array, etc.), application programs, and OS (for example, general-purpose OS).

  The processing unit 200 includes an electronic data access processing unit 210, a re-authentication control unit 220, a message output control unit 230, and a personal authentication processing unit 240.

  The electronic data access processing unit 210 performs an access process for the electronic data stored in the electronic file storage unit based on the access authority for the electronic data permitted by the access owner determined by the access authority determination unit.

  The electronic data access processing unit 210 makes an authentication request for the access authority to the access authority determining unit, and based on the access authority determining information received in response to the authentication request, for the electronic data stored in the electronic file storage unit Access processing may be performed.

  The electronic data access processing unit 210 may perform an access process on the electronic data based on the permitted access authority after decryption based on the provided decryption key.

  When making an authentication request, the electronic data access processing unit 210 may send the encrypted access authority information and information related to the decryption key of the encrypted electronic data.

  The electronic data access processing unit 210 stores the electronic data stored in the electronic file storage unit based on the access authority for the given type of access to the electronic data permitted to the access owner determined by the access authority determining unit. Access processing may be performed for a given type of access to.

  The electronic data access processing 210 may be realized using, for example, general-purpose word processor software or the like (an application that functions as an electronic data access processing unit).

  The re-authentication control unit 220 performs control to re-authenticate the access right of the electronic data being accessed when the access right is changed.

  When an event that causes a change in access authority occurs during access, the message output control unit 230 performs processing for outputting a message for notifying the occurrence of the event.

  The personal authentication processing unit 240 performs personal authentication processing on the user identification information of the accessor for the electronic data for which access authority is set.

5. Example of Access Authority Setting FIGS. 5A and 5B are diagrams for describing an example of setting access authority for electronic data according to the present embodiment.

  The electronic data of this embodiment is associated with user identification information and attribute information and position information that can be uniquely associated with the user identification information. Or information on the types of access that can be permitted).

  FIG. 5A shows the access authority set for given electronic data, which is the personnel department confidential material. FIG. 5B shows the access authority set for given electronic data that is confidential information of the sales department.

  The access authority 320 is the type (content) of access permitted, and the member 330 is a condition (a member of which department) to which the user for permitting the access authority 320 belongs (related to the user identification information). Area 340 is condition information relating to the current position of the user for permitting the access authority 320 (condition set in association with the position information).

  The member 330 means a user attribute, and is determined by the department to which the user belongs in this embodiment. The department (member) to which the user belongs can be uniquely associated from the user identification information. For example, as user attribute information 162 (see FIG. 2) in the database 150 of the server apparatus 100, a correspondence table between user identification information (user name and user ID) and a department (member) belonging to the user identification information 162 may be stored.

  Reference numeral 360 indicates that a user who is a member of the personnel department in the sales department area has read access authority for given electronic data that is confidential personnel department material.

  Reference numeral 362 denotes that the user of the personnel department member in the personnel department area has read / write access authority for given electronic data that is confidential personnel department material.

  Reference numeral 370 denotes that a user of a sales department member in the personnel department area has read access authority set for given electronic data which is confidential data of the sales department.

  Reference numeral 372 indicates that the read authority is set for the user of the personnel department member in the sales department area for the given electronic data which is the confidential data of the sales department.

  Reference numeral 374 indicates that the user of the sales department member in the sales department area has read / write access authority for given electronic data that is confidential business department data.

  As described above, the access authority determined by the department (member) to which the user belongs and the current position of the user is set in each electronic data.

  As described above, in this embodiment, presence / absence of access authority is set according to the type of access to electronic data, such as “read” and “read / write”. Accordingly, it is possible to set an appropriate access authority according to the type of access.

6). Encrypted Electronic File FIG. 6 is a diagram for explaining the encrypted electronic file.

  As shown in the figure, in this embodiment, the access authority information 310 is encrypted together with the content (electronic data) 350 as a part of the encrypted electronic file.

  The access authority information 310 may also include a content data decryption key 360.

  The content data (electronic data) 350 may be encrypted with a first key, and the access authority information 310 may be encrypted with a key other than the first key.

  The access authority information 310 encrypted here is configured not to be decrypted by the client terminal 20.

  A specific method of encryption will be described later in “14. Specific example of encryption / decryption processing of electronic data”.

  In the present embodiment, when the electronic data access processing 210 of the client terminal 20 reads a file, the encrypted access authority information 310 is sent to the server device 100 to request a decryption key for content data.

  In the access authority determination unit 134 of the server apparatus 100, the electronic data for which the access authority is set is stored in the user identification information obtained by authenticating the user, the current position information obtained in association with the user identification information, and the electronic data. Based on the set access authority information, the access authority for the electronic data permitted by the accessor is determined, and a decryption key for the electronic data encrypted based on the determined access authority is provided. For example, the server apparatus 100 holds a decryption key for access authority information that cannot be decrypted by the client terminal, decrypts the access authority information received from the client terminal 20, and provides the decryption key 360 to the client terminal that issued the authentication request. You may make it do.

  In the electronic data access processing unit 210 of the client terminal 20, the content data (electronic data) 350 can be browsed by decrypting the content data (electronic data) 350 using the provided decryption key.

7). FIG. 7 is a flowchart for explaining the operations of the client terminal and the server device when reading a file according to the present embodiment.

  If there is a file read request at the client terminal, it is determined whether or not the file is encrypted. If the file is not encrypted, the file is browsed (steps S10 and S130).

  If it is encrypted, a decryption request is sent to the server device (steps S10 and S20). At the time of the decryption request, the encrypted access authority information of the target electronic data and the user identification information to the client terminal (assuming that the user identification information has been authenticated at this point) Send to server device. The access authority information to be transmitted is, for example, a part of the access authority information 310 in FIG.

  When the server apparatus accepts the decryption request, it obtains the corresponding user information (information on the department (member) and current area) from the user information database 400 based on the received user identification information (user name) ( Step S40).

  Then, based on the acquired user information, it is determined whether or not the user has access authority for reading electronic data (whether it can be viewed or not) (step S50). The access authority is determined based on this information after decrypting the encrypted access authority information received from the client terminal.

  If it is determined that the user has no access authority (cannot browse), the decryption request is rejected (a decryption key is not provided) (step S60).

  If it is determined that the user has an access right (can browse), a decryption key for decrypting the electronic data is transmitted (step S70). The decryption key is included in the access authority information as shown in FIG. 6, for example, and the decrypted key may be transmitted to the client terminal 20.

  Here, for example, if the user who made the decryption request is the user A, the user A obtains user information from the user information database that the department to which the user A belongs is a member of the personnel department and is currently in the personnel department. (See FIG. 3). Further, when the access authority is the content shown in FIG. 6, since the user A corresponds to the personnel department member in the personnel department, it is determined that the electronic data has the “read / write” access authority, and the response data is The permitted access right information (information that the permitted access right is “read / write”) and the decryption key are transmitted to the client terminal 20.

  The client terminal 20 receives the response data transmitted from the server device (step S80).

  When the decryption key is obtained (such as when the response data includes the decryption key), the electronic data (content data) is decrypted based on the obtained decryption key, and based on the permitted access right information. Then, the access right that the user can access is set (steps S90, S110, S120).

  For example, when the target electronic data is HR department confidential data and user A makes an access request, permission access right information (information that the permitted access right is “read / write”) and response data Since the decryption key is received and the access authority is set to “read / write”, the electronic data can be read and written.

  As described above, according to the present embodiment, the access authority is determined based on the user identification information authenticated at the time of reading the file and the current position, so that the authorized person can access the electronic file only at the authorized place. An electronic data access control system can be provided.

8). Operation During Position Movement FIG. 8 is a flowchart for explaining the operation during position movement according to the present embodiment.

  The current position information acquisition unit 132 (position detection server) of the server apparatus 100 determines whether or not the area where the user exists has been changed based on the information on the user position received from the wireless reception unit (step S210).

  When the area where the user exists is changed, the area information of the corresponding user in the user information database is rewritten (step S220).

  If the user whose area has been changed is a user who is accessing electronic data, a re-authentication instruction is transmitted to the client terminal used by the user (steps S225 and S230).

  When the client terminal 20 accepts the re-authentication instruction (step S240), if the encrypted file is being browsed (step S250), the browsing pause processing is performed (step S260), and the previously received decryption key is deleted. Then, a decryption request is made again to the server device (step S280).

  At the time of the decryption request, as in the file reading operation described with reference to FIG. 7, the encrypted access authority information of the target electronic data and the user identification information (at this time) , The user authentication for the user identification information has been completed).

  When the server apparatus accepts the decryption request, it obtains the corresponding user information (information on the department (member) and current area) from the user information database 400 based on the received user identification information (user name) ( Steps S290 and S300).

  Then, based on the acquired user information, it is determined whether or not the user is authorized to access electronic data reading (can be viewed or not) (step S3100). The access authority is determined based on this information after decrypting the encrypted access authority information received from the client terminal.

  When it is determined that the user has no access authority (cannot browse), the decryption request is rejected (a decryption key is not provided) (steps S310 and S320).

  If it is determined that the user has access authority (can browse), a decryption key for decrypting the electronic data is transmitted (steps S310 and S330). The decryption key is included in the access authority information as shown in FIG. 6, for example, and the decrypted key may be transmitted to the client terminal 20.

  For example, in the case where the decryption request is made by the user A and the user A who has been in the personnel department moves to the sales department, the user A is a member of the personnel department from the user information database and is currently in the sales department. Get user information that Here, when the access authority is the content shown in FIG. 6, since user A corresponds to a personnel department member in the sales department, it is determined that the file has access authority only for reading, and permission access is given as response data. The right information (information that the permitted access right is “read”) and the decryption key are transmitted to the client terminal 20.

  For example, in the case where the decryption request is made by the user B and the user B who has been in the human resources department moves to the sales department, the user B is a sales department member from the user information database and is currently in the sales department. Get user information. If the access authority is the content shown in FIG. 6, user B corresponds to a sales department member in the sales department, and therefore it is determined that the file has no access authority for both reading and reading / writing. The decryption key is not transmitted.

  The client terminal 20 receives the response data transmitted from the server device (step S340).

  When the decryption key is obtained (such as when the response data includes the decryption key), the electronic data (content data) is decrypted based on the obtained decryption key, and based on the permitted access right information. Then, the access right that the user can access is set (steps S350, S360, S370).

  Here, for example, when the user A who was in the personnel department moves to the sales department, the access authority changes only from “read / write” (before change) to “read” (after change). Therefore, control is performed so that the user A after moving can view the file but cannot write to the file.

  For example, in the case where the user B who has been in the personnel department moves to the sales department, the access authority changes from “read” (before change) to none (after change). Therefore, the user B after moving cannot view the file.

  As described above, according to the present embodiment, an electronic data access control system is provided in which even when the electronic data is being browsed, the access right can be changed depending on the position. be able to.

9. Group Setting Example when Using General-Purpose Application FIGS. 9A and 9B are diagrams for describing group setting when the authentication server function is realized using existing authentication software.

  For example, a case where the authentication server function is realized using existing authentication software capable of registering whether authentication can be performed in groups will be described as an example.

  As shown in FIG. 9B, groups 504 and 514 are set according to the location where attribute information (information that can be derived from user identification information such as the department to which the user belongs) is set for development material 500 and personnel data 510, and access is made in units of groups. Authorities 502 and 512 are set.

  For example, when a sales department area and a personnel department area are set as areas, and a department to which a user belongs is a sales department and a personnel department, as shown in FIG. 9A, a sales department member group 530 in the sales department area, a personnel department There are four groups, a sales department member group 540 in the area, a personnel department member group 560 in the sales department area, and a personnel department member group 570 in the personnel department area. Become. Group registration is to register a group and its constituent members.

  In the present embodiment, when the presence area of each member changes due to the movement of each member, the group to which each member belongs also changes.

  For example, as shown in FIG. 9A, the member 520 belonging to the sales department belongs to either the sales department member group 530 in the sales department area or the sales department member group 540 in the personnel department area depending on the current area. Therefore, the member 550 belonging to the personnel department belongs to either the personnel department member group 560 in the sales department area or the personnel department member group 570 in the personnel department area depending on the current area.

  As described above, in the present embodiment, the contents of the registered members of the group also change in real time according to the area where the user exists. Therefore, when the area server detects the area movement of each member, the group to which the member belongs may be changed.

  When authenticating the file access authority, it is determined which department it belongs to based on the received user name (user identification information, here it is assumed that the user has already been authenticated), and information on the department and current location. Based on the above, the group to which the user belongs is determined. Then, the access authority set for the determined group (in FIG. 9B, the access authority that can be permitted for each group is set) is acquired to determine whether or not an access request can be made. It may be.

10. FIG. 10 is a sequence diagram for explaining the operation of the client terminal and the server device when reading a file when using a general application.

  In the client terminal 700, a general-purpose file access application (client side) (general-purpose software) 710 that performs processing (viewing, writing, copying, printing, etc.) for accessing the file 720 or a re-authentication control application (dedicated software for this system) 730 and a general-purpose operating system (not shown) for operating these are installed, and the functions on the client side of the electronic data access control system of the present embodiment are realized by operating these together. To do. Also, the electronic data of this embodiment is stored as one of the client files 720.

  Here, the file access application (client side) (general-purpose software) 710 and a general-purpose operating system cooperate to function as an electronic data access processing unit (210 in FIG. 4). The re-authentication control application 730 functions as a re-authentication control unit (220 in FIG. 4).

  In the server device 600, a general-purpose file access application (server side) (general-purpose software) 610 or an application (general-purpose software) for functioning as an authentication server 620 for performing processing (viewing, writing, copying, printing, etc.) for accessing the file 720 ) And an application (dedicated software) for functioning as the location server 630 are installed, and by operating together, the server-side functions of the electronic data access control system of the present embodiment are realized. .

  Here, the file access application (server side) (general-purpose software) 610 and the authentication server 620 cooperate to function as an access authority determination unit (134 in FIG. 2). The location server 630 functions as a current location information acquisition unit.

  First, the file access application (client side) 710 reads a file 720 with appropriate settings (a1).

  Next, the file access application (client side) 710 requests the server device 600 for a decryption key (a2). In the case of the decryption request, the encrypted access authority information of the target electronic data and the user identification information (user name) of the client terminal are transmitted to the server apparatus 600.

  The file access application (server side) 610 of the server device 600 acquires user information registered in the authentication server 620 based on the user identification information that has issued the decryption key request (a3). Since the group described in FIG. 9A is registered in the authentication server 620, information on the group to which the user belongs is acquired as user information based on the user identification information.

  Then, the file access application (server side) 610 determines permission / non-permission of the decryption key request from the information of the group to which it belongs and the access authority information of the file. On the other hand, the decryption key and the permitted access right information are transmitted (a4).

  In the client terminal 700, the file access application (client side) 710 decrypts the electronic data based on the received decryption key, and the reading of the document is completed.

11. FIG. 11 is a sequence diagram for explaining the operations of the client terminal and the server device at the time of position movement when a general-purpose application is used.

  When the location server 630 detects the user's area movement, the user group registered in the authentication server 620 is changed as described with reference to FIG. 9A (b1). When the access authority is changed due to the movement of the area of the user, the location server 630 sends a location change notification to the re-authentication control application 730 resident in the client terminal of the user (b2).

  The re-authentication control application 730 that has received the position change notification deletes the user's decryption key (b3-1).

  If the file is open, the re-authentication control application 730 requests the file access application (client side) 710 to temporarily stop browsing (b3-2).

  Next, the re-authentication control application 730 requests the file access application (client side) 710 to perform re-authentication (send the corresponding command) or request to perform re-reading (send the corresponding command). ) (B4).

  Upon receiving this request, the file access application (client side) 710 requests the decryption key again from the file access application (server side) 610 of the server device 600 (b5). In the case of the decryption request, the encrypted access authority information of the target electronic data and the user identification information (user name) of the client terminal are transmitted to the server apparatus 600.

  The file access application (server side) 610 of the server device 600 acquires user information registered in the authentication server 620 based on the user identification information that has requested the decryption key (b6).

  Since the group described in FIG. 9A is registered in the authentication server 620, information on the group to which the user belongs is acquired as user information based on the user identification information.

  Then, the file access application (server side) 610 determines permission / non-permission of the decryption key request from the information of the group to which it belongs and the access authority information of the file. On the other hand, the decryption key and the permitted access right information are transmitted (b7).

  At the client terminal, the file access application (client side) 710 decrypts the electronic data again based on the received decryption key, and the reading of the document is completed.

12 Processing of Re-Authentication Control Application FIG. 12 is a flowchart for explaining the flow of processing of the re-authentication control application.

  The client terminal re-authentication control application is an application that is resident in the client system.

  When the re-authentication control application receives the re-authentication instruction (steps S410 and S420), the re-authentication control application searches the browsing file for the file access application of the client terminal (steps S430 and S440).

  If the encrypted file is being browsed (step S450), control to display the authority change message on the screen of the client terminal is performed (step S460).

  Next, browsing is stopped (step S470), and the received decryption key is deleted (step S480). Then, a re-authentication instruction is issued to the file access application (step S490).

  The file access application that has received the re-authentication instruction performs re-authentication processing (step S500). The server device receives the re-authentication request and performs a decryption key generation process (step S510). In steps S500, S510, and S520, processing corresponding to steps S280 to S380 in FIG. 8 is performed.

13. Processing When Another User Comes Near FIG. 13 is a flowchart showing the flow of the server device access authority change processing when another user comes nearby.

  The server device calculates the distance between the user who is accessing the electronic data and another user (step S610).

  If another user is within a predetermined distance from the user who is accessing the electronic data, the following processing is performed (step S620).

  First, the access authority for the electronic data of the user and other users is compared (step S630).

  If the access authority of the user is high, the process goes to step S670 (step S640).

  If the access authority is low (step S640), it is determined whether or not the access authority can be changed (step S650).

  If the access authority can be changed to a higher level (step S660), a re-authentication instruction is transmitted to the client terminal that is browsing the electronic data (step S670).

  When a decryption request is received from the client terminal that has transmitted the re-authentication instruction, the following processing is performed (step S680).

  First, user information of other users is acquired from the user information database (step S690).

  Next, access authority is determined based on the user information of other users (step S700).

  Based on the determination result, the decryption key is transmitted to the client terminal (step S710).

  Note that the processing of the client terminal when receiving the re-authentication instruction issued in step S670 is the same as that in steps S240 to S280 of FIG.

  The processing of the client terminal when receiving the transmitted response issued in step S710 is the same as that in steps S340 to S380 in FIG.

  According to the present embodiment, when a user A having appropriate access rights is browsing an electronic file, when another user B having access rights lower than the user A approaches, Thus, the access right can be switched to the level of another user B. Therefore, it is possible to prevent the electronic data from being viewed by the user B who does not have access authority.

  Also, when a user A who has appropriate access rights is browsing an electronic file and another user C who has access rights at a higher level than his / her own, the permission of the other user C is obtained. The access right can be temporarily switched to the level of another user C.

14 Specific Example of Electronic File Encryption / Decryption Processing FIGS. 14 to 23 are diagrams for explaining specific examples of the electronic file encryption / decryption processing. In each figure, the file viewing application software, the server, the process of the file creator from the creation to viewing of the encrypted electronic file, the flow of work and the key that is held (key for encryption and decryption) FIG.

  FIG. 14 is a diagram for explaining the work at the time of content creation and the held keys. As shown in the figure, the server 802 holds a key B1 (806) and a key B2 (808). Then, the file creator 804 creates content (electronic data to be accessed) (see 810).

  Here, the key B1 (806) is a public key and a key for encrypting the access authority information of the electronic file. The key B2 (808) is a secret key and the access encrypted with the key B1 (806). It is a key for decrypting authority information.

  Each time the file creator 804 creates a file, the file creator authority 804 encrypts the access authority information of the file using the public key B1 (806) published by the server 802. However, the file creator 804 encrypts the file using the public key B1 (806). Since the secret key B2 (808) for decrypting the encrypted access authority information exists only in the server 802, only the server 802 can read the encrypted access authority information.

  FIG. 15 is a diagram for explaining the processing at the time of creating access authority information and the held keys. As shown in the figure, the file creator 804 sets what access authority (access authority information) to which member (see 814 and 816).

  Also, a key A (812) for encrypting the content 810 is created. The key A (812) is a common key, and is a key for encrypting / decrypting the content part (electronic data corresponding to the content part) 810 of the electronic file. The file creator 804 generates this key A (812) every time a file is created. The information of the key A (812) is added to the access authority information part.

  FIG. 16 is a diagram for explaining processing at the time of content encryption and a held key. As shown in the figure, the file creator 804 encrypts the content with the key A (see 810 '). The key A used for encryption is added to the access authority information (see 812).

  FIG. 17 is a diagram for explaining processing at the time of encryption of access authority information and a held key. As shown in the figure, the file creator 804 encrypts the access authority information 818 with the public key B1 (806) published by the server (see 818 ').

  FIG. 18 is a diagram for explaining processing at the time of encryption of access authority information and a held key. As shown in the figure, the file browsing application software 800 detects that the content to be browsed is encrypted during the file browsing process (see 818 ').

  FIG. 19 is a diagram for explaining the processing at the time of a decryption request from the client terminal to the server and the held key. As shown in the figure, the file browsing application software 800 of the client terminal generates a key C1 and a key C2 corresponding to the key C1 (see 820 and 822). Then, the access authority information 818 'encrypted with the key B1 and the generated key C1 are transmitted to the server 802 to request decryption (see 818' and 820).

  Here, the key C1 (820) is a public key, and the key C2 (822) is a key for encrypting the access authority information of the key A and the permitted viewer. The key C1 (820) is a secret key. This is a key for decrypting the key A encrypted in (820) and the access authority information of the permissible corresponding viewer.

  Key C1 (820) and key C2 (812) are keys for concealing communication between the file browsing application software 800 of the client terminal and the server 802, and are created at the client terminal for each file browsing application software 800. Is done.

  The server 802 encrypts the decryption key and the access right information using the key C1 sent together with the access right information sent from the file browsing application software 800. Then, the file browsing application software 800 decrypts the data sent from the server using the key C2. Since the key C2 exists only in the file browsing application software 800, the decryption key A sent from the server 802 is never used by a third party.

  FIG. 20 is a diagram for explaining the processing at the time of determining the access authority of the server and the held key. As shown in the figure, the server 802 decrypts the access authority information (key A812, access authority 814, member 816) using its own private key B2 (808) (see 818), and determines the access authority of the user. I do.

  FIG. 21 is a diagram for explaining processing at the time of response from the server to the file browsing application software of the client terminal and the held key. As shown in the figure, when the server 802 determines that the user is an authorized user, the server 802 encrypts the key A 812 and the authority information 824 of the corresponding file viewer only with the key C 1, and the file browsing application software of the client server To 800.

  FIG. 22 is a diagram for explaining the decryption key and authority information decryption key of the file browsing application software of the client terminal and the retained key. As shown in the figure, the file browsing application software 800 of the client terminal decrypts the key A 812 and the authority information 824 only for the corresponding file viewer using the secret key C2.

  FIG. 23 is a diagram for explaining the decryption processing of the content of the file browsing application software of the client terminal and the retained key. As shown in the figure, the file browsing application software 800 of the client terminal decrypts the content (see 810 ′ in FIG. 22) encrypted with the key A using the decrypted key A (see 812 in FIG. 22). (See 810). Then, the decrypted content 810 is accessed according to the authority 824 of the corresponding viewer.

  Although the preferred embodiments to which the present invention is applied have been described above, the application of the present invention is not limited to the above-described embodiments.

  The present invention is not limited to the embodiments described above, and various modifications can be made within the scope of the gist of the present invention or within the equivalent scope of the claims.

  For example, the authentication based on the user identification information obtained by authenticating the user and the current position information obtained in association with the user identification information includes not only access of electronic data but also hardware such as a printer and a notebook PC, and further operation of the software It can also be provided for permission.

  For example, if a printer is installed with an authentication system based on user identification information that has been authenticated and current location information that is obtained in association with the user identification information, an attempt was made to use a composite printer installed in the center of the office space. Sometimes it is possible to provide a system that cannot be used unless the right person is in the right place. For example, in the case of a complex printer often used in an office, documents can be printed from anywhere as long as they are on the same network, so a person on the first floor prints from a printer installed on the second floor. There is. By using this authentication system, it is possible to prevent a security hole in which confidential materials can be accidentally printed from a printer that is out of reach of the user by such an erroneous operation.

  In the case of software, software that performs dangerous operations that need to be monitored at a specific location (for example, an application that starts an experiment with explosives or a machine that emits X-rays or radioactivity). By using this authentication system, it is possible to prevent an application to be operated from being activated unless a human is placed at a predetermined location.

  As described above, the authentication system based on the user identification information obtained by authenticating the user and the current position information obtained in association with the user identification information is not limited to data browsing, and should be incorporated into various systems. Is also possible.

The figure for demonstrating an example of a structure of an electronic data access control system. The functional block diagram of the server apparatus of an electronic data access control system. The figure for demonstrating a user information database. An example of a functional block diagram of a client terminal. FIGS. 5A and 5B are diagrams for explaining an example of setting access authority for electronic data. It is a figure for demonstrating an encryption electronic file. The flowchart for demonstrating operation | movement of the client terminal and server apparatus at the time of file reading. The flowchart for demonstrating the operation | movement at the time of position movement. FIGS. 9A and 9B are diagrams for explaining group settings when the authentication server function is realized using existing authentication software. The sequence diagram for demonstrating operation | movement of the client terminal and server apparatus at the time of the file reading in the case of using a general purpose application. It is a sequence diagram for demonstrating operation | movement of a client terminal and a server apparatus at the time of position movement in the case of using a general purpose application. The flowchart for demonstrating the flow of a process of a re-authentication control application. The flowchart which shows the flow of the access authority change process of a server apparatus when another user comes near. The figure explaining the work at the time of content creation, and the key hold | maintained. The figure explaining the process at the time of access authority information creation, and the key hold | maintained. The figure explaining the process at the time of content encryption, and the key hold | maintained. The figure explaining the process at the time of encryption of access authority information, and the key hold | maintained. The figure explaining the process at the time of encryption of access authority information, and the key hold | maintained. The figure explaining the process at the time of the decoding request | requirement from a client terminal to a server, and the key hold | maintained. The figure explaining the process at the time of the access authority determination of a server, and the key hold | maintained. The figure explaining the decoding key of the file browsing application software of a client terminal, the decoding process of authority information, and the key hold | maintained. The figure explaining the decoding key of the file browsing application software of a client terminal, the decoding process of authority information, and the key hold | maintained. It is a figure explaining the decoding process of the content of the file browsing application software of a client terminal, and the key hold | maintained.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Electronic data access control system, 10 network, 12 network, 20 Client terminal, 30 Wireless transmitter, 40-1, ... 40-n Wireless receiver, 100 Server apparatus, 102 Location detection server, 104 Authentication server, 122 Storage , 124 transmission / reception unit, 126 information storage medium, 130 processing unit, 132 current location information acquisition unit, 134 access authority determination unit, 150 database, 152 transmission / reception unit, 160 information storage unit, 162 user attribute information, 164 user location information, 200 processing unit, 210 electronic data access processing unit, 220 re-authentication control unit, 230 message output processing unit, 260 operation unit, 270 storage unit, 272 electronic file storage unit, 274 decryption key temporary storage unit, 280 information storage medium, 290 Display unit, 2 2 sound output unit, 296 communication unit, 610 server device, 300 encrypted electronic file, 310 access authority information, 320 access authority, 330 member, 340 area, 350 content data, 400 user information database, 410 user name, 420 member, 430 area, 502 access authority, 504 group, 512 access authority, 514 group, 600 server, 700 client, 800 file viewing application software, 802 server, 804 file creation

Claims (15)

An electronic data access control system including a terminal that accesses electronic data and a server connected to the terminal via a communication network,
The terminal
Access authority information relating to access authority set to the electronic data in accordance with electronic data encrypted with the first key, at least one of user identification information or user attribute information, and user position information; A storage unit that stores data encrypted with a key other than the key, and data related to the decryption key of the electronic data and encrypted with the key other than the first key in association with the electronic data;
Access authority information that is inquired about access authority for the electronic data and access authority information that is encrypted with a key other than the first key, and information about a decryption key of the electronic data that is other than the first key The data encrypted with the key is sent to the server and received from the server in response to the access right authentication request, based on the information on the access right for the electronic data authorized by the accessor and the information on the decryption key of the electronic data An electronic data access processing unit that performs an access process on the electronic data stored in the storage unit,
At least one of the terminal and the server is
A user authentication processing unit that performs user authentication for user identification information of an accessor to the electronic data;
The server
A current position information acquisition unit for acquiring current position information of a user under system control in association with user identification information;
A storage unit for holding a decryption key for decrypting the encrypted access authority information and the encrypted decryption key information;
The access authority authentication request from the terminal and the access authority information, which is encrypted with a key other than the first key, and the information related to the decryption key of the electronic data and encrypted with the key other than the first key When the encrypted data is received, these are decrypted based on the decryption key held,
For the electronic data, based on the user identification information obtained by authenticating the user or the attribute information corresponding to the user identification information, the current position information obtained in association with the user identification information and the decrypted access authority information. A process of determining access authority for the electronic data permitted to the terminal, and providing information relating to the access authority for the electronic data permitted mainly to the access and information regarding the decryption key of the electronic data to the terminal based on the determined access authority An electronic data access control system including an access authority determination unit. In claim 1,
In the access authority information, presence or absence of access authority is set according to the type of access to electronic data,
The access authority determination unit
For the electronic data in which the presence or absence of access authority is set according to the type of access, the user identification information obtained by authenticating the user, the current location information obtained in association with the user identification information, and the electronic data set in the electronic data Based on the access authority information, determine an access authority for a given type of access to the electronic data of the accessor,
The electronic data access processing unit
About the given type of access to the electronic data stored in the electronic file storage unit based on the access right for the given type of access to the electronic data permitted by the access owner determined by the access right determination unit An electronic data access control system characterized by performing an access process. In either claim 1 or 2,
In the access authority information, position information giving access authority is specified in area units,
The access authority determination unit
Determining whether the current location information obtained in association with the user identification information of the accessor who is accessing the electronic data is accompanied by a change in the area;
If it is determined that the area is accompanied by a change, the electronic data for which the access authority is set is the user identification information obtained by authenticating the user and the changed information obtained in association with the user identification information. An electronic data access control system characterized by re-determining the access authority for the electronic data permitted mainly by the accessor based on the current position information and the access authority information set for the electronic data. In claim 3,
The terminal
Control that causes re-authentication of the access right of the electronic data being accessed when the current position information obtained in association with the user identification information of the accessing person who is accessing the electronic data is accompanied by a change in the area An electronic data access control system including a re-authentication control unit for performing In any one of Claims 1 thru | or 4,
The access authority determination unit
Whether the current location information acquired in association with the user identification information of the accessor who is accessing the electronic data and the current location information acquired in association with the user identification information of another user satisfy the preset access right change condition Determine whether
An electronic data access control system characterized by temporarily changing an access right when the access right changing condition is satisfied. In claim 5,
The access authority determination unit
When the access authority change condition is satisfied, for the electronic data to which the access authority is set, the user identification information obtained by authenticating the identity of the other user and the current position information obtained in association with the user identification information And determining the access authority for the electronic data permitted to other users based on the access authority information set for the electronic data, and temporarily changing to the determined access authority of the other users. Electronic data access control system. In claim 5 or 6,
The access authority information includes permission conditions for changing access authority information for electronic data,
The access authority determination unit
An electronic data access control system that judges whether or not the access authority of the electronic data can be changed based on a permission condition for changing the access authority set in the access authority information of the electronic data. In any of claims 5 to 7,
The access authority determination unit
When an access permission command is received from a user who has higher access authority than the accessor who is accessing the electronic data, it is determined whether or not the access authority level of the electronic data can be changed based on the access permission command. Electronic data access control system. In any of claims 3 to 8,
Electronic data access control, further comprising: a message output processing unit for performing a process of outputting a message for notifying the occurrence of the event when an event causing an access authority change occurs during the access system. In any one of Claims 5 thru | or 9,
An electronic data access control system including an access cancel control unit that performs control to cancel access to electronic data that is being accessed when an access right is changed. A server connected via a communication network to a terminal that accesses electronic data,
A current position information acquisition unit for acquiring current position information of a user under system control in association with user identification information;
A personal authentication processing unit for performing personal authentication on the user identification information of the accessor to the electronic data;
A storage unit for holding a decryption key for decrypting the encrypted access authority information and the encrypted decryption key information;
The access authority authentication request from the terminal and the access authority information, which is encrypted with a key other than the first key, and the information related to the decryption key of the electronic data and encrypted with the key other than the first key When the encrypted data is received, these are decrypted based on the decryption key held,
For the electronic data, based on the user identification information obtained by authenticating the user or the attribute information corresponding to the user identification information, the current position information obtained in association with the user identification information and the decrypted access authority information. A process of determining access authority for the electronic data permitted to the terminal, and providing information relating to the access authority for the electronic data permitted mainly to the access and information regarding the decryption key of the electronic data to the terminal based on the determined access authority server, characterized in that it comprises a and access rights determination unit that performs. A terminal connected to a server via a communication network and accessing electronic data,
Access authority information relating to access authority set to the electronic data in accordance with electronic data encrypted with the first key, at least one of user identification information or user attribute information, and user position information; A storage unit that stores data encrypted with a key other than the key, and data related to the decryption key of the electronic data and encrypted with the key other than the first key in association with the electronic data;
Access authority information that is inquired about access authority for the electronic data and access authority information that is encrypted with a key other than the first key, and information about a decryption key of the electronic data that is other than the first key The data encrypted with the key is sent to the server and received from the server in response to the access right authentication request, based on the information on the access right for the electronic data authorized by the accessor and the information on the decryption key of the electronic data An electronic data access processing unit that performs an access process on the electronic data stored in the storage unit. A program for controlling an electronic data access control system including a terminal that accesses electronic data and a server connected to the terminal via a communication network,
Access authority information relating to access authority set to the electronic data in accordance with electronic data encrypted with the first key, at least one of user identification information or user attribute information, and user position information; A storage unit that stores data encrypted with a key other than the key, and data related to the decryption key of the electronic data and encrypted with the key other than the first key in association with the electronic data;
Access authority information that is inquired about access authority for the electronic data and access authority information that is encrypted with a key other than the first key, and information about a decryption key of the electronic data that is other than the first key The data encrypted with the key is sent to the server and received from the server in response to the access right authentication request, based on the information on the access right for the electronic data authorized by the accessor and the information on the decryption key of the electronic data An electronic data access processing unit that performs an access process on the electronic data stored in the storage unit, and causes the terminal computer to function,
Causing at least one computer of the terminal and the server to function as a personal authentication processing unit that performs personal authentication for user identification information of an accessor to the electronic data;
A current position information acquisition unit for acquiring current position information of a user under system control in association with user identification information;
A storage unit for holding a decryption key for decrypting the encrypted access authority information and the encrypted decryption key information;
The access authority authentication request from the terminal and the access authority information, which is encrypted with a key other than the first key, and the information related to the decryption key of the electronic data and encrypted with the key other than the first key When the encrypted data is received, these are decrypted based on the decryption key held,
For the electronic data, based on the user identification information obtained by authenticating the user or the attribute information corresponding to the user identification information, the current position information obtained in association with the user identification information and the decrypted access authority information. A process of determining access authority for the electronic data permitted to the terminal, and providing information relating to the access authority for the electronic data permitted mainly to the access and information regarding the decryption key of the electronic data to the terminal based on the determined access authority A program for causing the server computer to function as an access authority determination unit for performing   A computer-readable information storage medium, wherein the program according to claim 13 is stored. A control method of an electronic data access control system including a terminal for accessing electronic data and a server connected to the terminal via a communication network,
The terminal includes access authority information related to access authority set for the electronic data encrypted with the first key, at least one of user identification information or user attribute information, and the location information of the user. and data encrypted with a key other than the first key Te, the encrypted data is information relating to the decryption key by the first key other than the key of the electronic data in association with the electronic data of the terminal Storing in the storage unit;
The server storing a decryption key for decrypting the encrypted access authority information and the information related to the encrypted decryption key in a storage unit of the server;
The terminal is access authority information together with an access authority authentication request for inquiring about access authority for the electronic data, and is information related to data encrypted with a key other than the first key and decryption key of the electronic data. and transmitting the data encrypted with a key other than the first key to the server from the terminal,
Obtaining the current location information of the user under system control of the server in association with the user identification information;
At least one of the terminal and the server authenticates the user identification information of an accessor for the electronic data;
The server is the access authority authentication request and access authority information from the terminal, which is data encrypted with a key other than the first key, and information related to the decryption key of the electronic data, which is other than the first key. When data encrypted with the key is received, these are decrypted based on the decryption key held,
For the electronic data, based on the user identification information obtained by authenticating the user or the attribute information corresponding to the user identification information, the current position information obtained in association with the user identification information and the decrypted access authority information. A process of determining access authority for the electronic data permitted to the terminal, and providing information relating to the access authority for the electronic data permitted mainly to the access and information regarding the decryption key of the electronic data to the terminal based on the determined access authority The steps of
The terminal is stored in the storage unit of the terminal based on the information on the access authority for the electronic data permitted to the access owner received from the server in response to the access authority authentication request and the information on the decryption key of the electronic data. method of controlling an electronic data access control system including a step of performing access processing for the electronic data.

Images