JP5002415B2 - Data access control device - Google Patents

Description

  The present invention relates to a data access control device that controls access to data.

  Conventionally, many techniques for restricting access to data have been proposed in order to improve security. As an example of a technique for restricting access to data, a technique for controlling access to data based on history information such as a user's position has been proposed.

  By using such an access control technology, for example, a user who has been detected to be in a conference room at a predetermined time without permitting access to an unspecified number of people for documents used in a conference. Can be granted access.

  As in the above technique, in order to detect that a plurality of users are in the conference room at the same time, it is common to use a sensor for specifying a position such as an RFID tag.

  As another example of permitting access to the user, in the technique described in Patent Document 1, a shared workspace is formed by integrating workspaces recognized as existing in the same time zone and the same workspace, The content used in the collaborative work space is made available to users who work in the collaborative work space.

JP 2006-92371 A

  However, although the technique described in the cited document 1 can be accessed during the time of collaborative work, there is a problem that access is not permitted even if the content used in the collaborative work is accessed after the collaborative work.

  The present invention has been made in view of the above, and an object of the present invention is to provide a data access control apparatus that allows access to data only by a collaborator even after a collaborative work.

In order to solve the above-described problems and achieve the object, the present invention includes a specific information acquisition unit that acquires specific information including at least one of image information, audio information, and operation information for specifying a user; A storage unit for storing the specific information; user information for identifying a user; data acquisition information for identifying data that the user has accessed; and an acquisition unit for acquiring the user information; Whether the plurality of users are collaborators based on the use information correspondence storage unit that stores the use information associated with the data identification information, and the specific information stored in the storage unit. A determination unit that determines whether or not , and the data identification information associated with the use information and user information that identifies the user determined to be the collaborator is output to the collaborator Output part to From outputted by the data identification information, a request receiving unit that receives an input of the data identification information as the access request, the data identified by the data identification information received inputs, to the collaborators, An access control unit that permits access.
In addition, the present invention provides a specific information acquisition unit that acquires specific information having at least one of image information, audio information, and operation information that specifies a user, a storage unit that stores the specific information, and a user The user information for identifying the data, the data identification information for identifying the data that the user has accessed, the acquisition unit for acquiring the data, the user information, and the data identification information are associated with each other A usage information correspondence storage unit that stores usage information; a determination unit that determines whether or not a plurality of users are collaborators based on the specific information stored in the storage unit; and the determination unit A collaborative work data storage unit that associates and stores a plurality of pieces of data identification information associated with the user information and user identification information that identifies a plurality of users determined as the collaborator, Day A request reception unit that receives data identification information for identifying the data identification information received by the request reception unit, and the data identified by the data identification information associated with the joint work data storage unit, An access control unit that permits access to the collaborator.

  According to the present invention, since access to data is permitted only for collaborators, there is an effect that safety is improved.

  Exemplary embodiments of a data access control device according to the present invention will be explained below in detail with reference to the accompanying drawings.

(First embodiment)
In the first embodiment, an example in which the PC server 100 is applied as an example of a data access control device will be described. However, the present invention is not limited to the PC server 100 and can be applied to various devices.

  As shown in FIG. 1, it is assumed that work is performed by a user in work room A and work room B. In the work room A, a user A, a user B, a user C, and a user D are working. Among these users, it is assumed that user A, user B, and user C are performing joint work, and user D is performing another work. Then, it is assumed that the user D is performing work different from the users in the work room A.

  An ID reader 130a is provided on the outside of the work room A, and an ID reader 130b is provided on the inside. The ID readers 130a and 130b are made to read ID cards owned by each user, thereby enabling entry and exit. It can be carried out. Then, a signal including each user ID acquired by the ID readers 130 a and 130 b is transmitted to the PC server 100. Thereby, the PC server 100 can manage the time when the user exists in the work room A.

  In this embodiment, a PC that can operate on electronic data is assigned to each user. The user carries out the work by carrying the PC by himself / herself, regardless of whether the user is joint or not. Operation information can be acquired by a software module in the PC. Further, the PC is provided with a microphone and a camera. Thereby, the PC can input and process image information and audio information.

  As a detailed example, the microphone 102a, the cameras 120a and 101a are provided to the user A, the microphone 102b, the camera 120b, and the PC 101b are provided to the user B, and the microphone 102c, the camera 120c, and the PC 101c are provided to the user D. Are assigned the microphone 102d, the camera 120d, and the PC 101d, and the user E is assigned the microphone 102e, the camera 120e, and the PC 101e.

  The microphones 102a to 102e output user voice signals to the PCs 101a to 101e. The cameras 120a to 120e capture a predetermined work area including a user who uses the PCs 101a to 101e during work, generate image information, and output the image information to the PCs 101a to 101e. The image information may be a still image or a moving image.

  The PCs 101a to 101e are used for accessing (including creating, editing, and referencing) electronic data used by the user during work. Further, the PCs 101a to 101e record operations performed by the user as operation information.

  Further, the electronic data may be any data as long as it is data to be accessed by the user, such as document data, spreadsheet data, or presentation data.

  The screen 110 is used for displaying electronic data used in collaborative work from the PC 101a or the like. The PC server 100 accumulates the specific information transmitted from the PCs 101a to 101e, determines whether the user is collaborating based on the accumulated specific information, and determines that the user is collaborating. Allow access by collaborators to data accessed during collaboration.

  The specific information is information having at least one of image information, audio information, and operation information for specifying users who are collaborating. In this embodiment, the specific information in this embodiment includes audio information, image data, operation information, and user information that has entered and exited the room. Next, an apparatus used in this embodiment will be described.

  In the present embodiment, it is assumed that the three users A, B, and C are performing common work. The common work may be any work, but for example, a meeting on a certain agenda may be considered. It is assumed that the user D performs another work in the same room, and the user E performs another work in the separate room. In the example shown in FIG. 1, it is assumed that the electronic data held by the user A is projected on the screen 110 during collaborative work and is referred to the users B and C.

  In the data sharing system including the PCs 101a to 101e and the PC server 100 according to the present embodiment, if there is a request from the user B or C for the electronic data at a later date, access is permitted and another work is performed. A function is realized in which access is not permitted when there is a request from the users D and E who have been present. In other words, the electronic data used for the collaborative work can be accessed for the user group that has collaborated, and access from the user group that has not collaborated is prevented. In order to realize this, in particular, it is important to determine users who are working together among a group of users working in the same work room.

  As illustrated in FIG. 2, the PC 101 a includes an operation input receiving unit 251, a voice input processing unit 252, an image input processing unit 253, a user ID addition unit 254, a user ID authentication unit 255, and a display processing unit 256. The communication unit 257 and the request output unit 258 are connected to the microphone 102a and the camera 120a. The PCs 101b to 101e are the same as the PC 101a, and a description thereof is omitted.

  The communication unit 257 performs processing for transmitting / receiving data to / from the PC server 100. For example, the communication unit 257 transmits operation information, audio information, image information, and the like. Further, the communication unit 257 transmits electronic data operated by the user. At this time, the communication unit 257 transmits the electronic data at the timing when the use of the electronic data is started and when the use of the electronic data is finished. These timings are determined from the operation information input by the operation information input processing unit 261.

  In addition, the communication unit 257 receives electronic data that is a request for use.

  The user ID authenticating unit 255 performs authentication processing for a user who uses the PC 101a. As a method of authentication processing, any method may be used regardless of a known method. For example, a login process for inputting a user ID and password to the PC 101a can be considered. Then, the user ID authenticating unit 255 holds a user ID for identifying the user when the user authentication is appropriately performed.

  The operation input receiving unit 251 includes an operation information input processing unit 261 and receives an operation input to the PC 101a.

  The operation information input processing unit 261 performs an input process on the operation input to the PC 101a as operation information. Further, the operation information input processing unit 261 detects whether or not the electronic data currently displayed is displayed on the external screen by the software operating on the PC 101a, and the operation time when the operation by the PC 101a is performed. . Then, the operation information input processing unit 261 gives the operation time at which the operation was performed to the operation information subjected to the input process. Then, the operation information to which the operation time is given is transmitted to the PC server 100 via the communication unit 257.

  The voice input processing unit 252 performs input processing on the signal input from the microphone 102a as voice information. The voice input processing unit 252 according to the present embodiment collects voice information input from the microphone 102a as a 10-minute 8-KHz voice information file by software operating on the PC 101a, and generates this at 10-minute intervals. . In addition, the voice input processing unit 252 gives the time when the voice information input process is started to the voice information that has been input.

  The image input processing unit 253 performs input processing on image information from the camera 120a. The image input processing unit 253 according to the present embodiment collects the image information input from the camera 120a as a 10-minute moving image information file by software operating on the PC 101a, and generates this at 10-minute intervals. In addition, the image input processing unit 253 gives an imaging time when imaging of the image information is started to the input image information. Note that captured image information can include still images and moving images, but in the present embodiment, moving image is used.

  The user ID adding unit 254 gives the user ID held by the user ID authenticating unit 255 to the operation information, audio information, and image information subjected to the input process. As described above, the user ID is given to the specific information input by the PC 101a.

  By the above-described processing, the operation information to which the user ID and the operation time are assigned, the audio information to which the user ID and the input processing time are given, and the imaging information to which the user ID and the imaging time are given are received by the communication unit 257. It is transmitted to the PC server 100. Furthermore, the electronic data that is the target of the operation is also transmitted by the communication unit 257 at the start of use and end of use.

  The display processing unit 256 performs data display processing on a monitor (not shown) provided in the PC 101a.

  The request output unit 258 issues and outputs a use request (request) of data accessed by the collaborator at the time of collaborative work based on a user operation. The output usage request is transmitted to the PC server 100 via the communication unit 257.

  The PC 101a is always activated during work. Then, the PC 101a performs input processing of operation information, image information, and audio information when starting up. Note that the configuration of the PCs 101b to 101e is the same as that of the PC 101a, and a description thereof is omitted.

  As shown in FIG. 2, the PC server 100 includes an image history storage unit 201, an audio history storage unit 202, an operation history storage unit 203, an ID history storage unit 204, a data usage period storage unit 205, and a data storage. Unit 206, image acquisition unit 207, voice acquisition unit 208, operation acquisition unit 209, ID acquisition unit 210, data acquisition unit 211, joint worker determination unit 212, joint worker storage unit 213, Joint work data storage unit 214, request reception unit 215, joint worker extraction unit 216, joint worker output unit 217, joint work extraction unit 218, access control unit 219, communication unit 220, and data use A period specifying unit 225 and an access determination unit 226 are provided.

  The communication unit 220 transmits / receives data to / from the PCs 101a to 101e. For example, the communication unit 220 receives operation information, audio information, and image data transmitted from the PCs 101a to 101e. In addition, the communication unit 220 also receives a usage request for data.

  In addition, the communication unit 220 also performs processing for transmitting electronic data that is a target of the use request to the PCs 101a to 101e.

  The image history storage unit 201 stores the image information acquired by the image acquisition unit 207 as an image history. As shown in FIG. 3, the image history storage unit 201 indicates the user ID assigned to the acquired image information, the time when the image information was captured, and the acquired image information as index information of the image information. The image data file name is stored in association with each other. The image history storage unit 201 also stores the image information. The format format of the image information may be any format format.

  The voice history storage unit 202 stores the voice information acquired by the voice acquisition unit 208 as a voice history. As illustrated in FIG. 4, the audio history storage unit 202 uses the user ID assigned to the acquired audio information, the time when the audio information is acquired, and the audio indicating the acquired audio information as index information of the audio information. The data file name is stored in association with each other. For example, it can be seen that the voice input from 14:50 of userA is held as voice information with the file name “userA-070618140000.wma”. The voice history storage unit 202 also stores the voice information. The format format of the audio information may be any format format.

  The operation history storage unit 203 stores the operation information acquired by the operation acquisition unit 209 as an operation history. As illustrated in FIG. 5, the operation history storage unit 203 associates the user ID assigned to the acquired operation information, the operation time when the input of the operation is accepted, and the operation history indicating the performed operation. Remember. As shown in FIG. 5, the operation history also includes information (for example, a file name) for identifying electronic data that is an operation target. Thereby, the electronic data accessed at the time of work can be specified.

  In the present embodiment, as shown in FIG. 5, the history of operations around 15:00 on June 18th for four users A to D assigned user IDs userA, userB, userC, and userD. It is tabulated. This history information example is a partial excerpt. Actually, if the PCs 101a to 101e are used for one hour, the history for one hour is accumulated. For example, the history “open file“ work1.txt ”” indicates that the file (electronic data) work1.txt has been opened and has been used. In addition, “close file“ work1.txt ”” is assumed to be closed after the file work1.txt is closed. The period from the time when the operation open is performed to the time when the operation close is performed is defined as a usage period in which the electronic data is used.

  The ID history storage unit 204 stores a history of users who have entered and exited the work room. As illustrated in FIG. 6, the ID history storage unit 204 includes a user ID for identifying a user, a room name in which the user has entered and exited, an entry time to the room, an exit time from the room, Are stored in association with each other.

  In the present embodiment, the specific information storage unit 232 includes the above-described image history storage unit 201, audio history storage unit 202, operation history storage unit 203, and ID history storage unit 204. That is, each storage unit included in the specific information storage unit 232 stores the specific information and the specific time for specifying the work time of the joint work in association with each other. As long as the specific information is the ID information of the user who has entered and exited the work room, the audio information and image information acquired inside the work room, and the operation information of the PC, the user entry / exit time, voice information and This corresponds to the acquisition time of the image information and the operation time when the user operates the PCs 101a to 101e.

  The data usage period storage unit 205 stores the usage period of electronic data used by the user during work. As shown in FIG. 7, the data use period storage unit 205 associates the operation user who has operated the electronic data, the electronic data name that identifies the electronic data that is the operation target, the operation start time, and the operation end time. Add and remember. That is, the data usage period storage unit 205 stores usage information related to the use of electronic data by the user. Thus, in the present embodiment, an electronic data name is used as electronic data identification information.

  In this embodiment, the data usage period storage unit 205 holds the usage period of electronic data. However, the operation history storage unit 203 described above includes an operation content including information for identifying electronic data. Since the time when the electronic data is accessed is associated, in other words, the electronic data, the operation content for the electronic data, and the time when the electronic data is accessed are associated, the data use period storage Instead of the unit 205, the operation history storage unit 203 may store the usage period of the electronic data.

  The image acquisition unit 207 acquires image information transmitted from the PCs 101 a to 101 e via the communication unit 220. The acquired image information is given a user ID and a time when the image information was captured. Therefore, the image acquisition unit 207 associates the user ID given to the acquired image information, the time when the image information was captured, and the image data file name indicating the image information, and the image history storage unit 201. Register with. The image acquisition unit 207 also stores the image information in the image history storage unit 201.

  The voice acquisition unit 208 acquires the voice information transmitted from the PCs 101a to 101e via the communication unit 220. The acquired voice information is given a user ID and a time when the voice information is input. Therefore, the voice acquisition unit 208 associates the user ID given to the acquired voice information, the time when the voice information was input, and the voice data file name indicating the voice information, and the voice history storage unit 202. The voice acquisition unit 208 also stores the voice information in the voice history storage unit 202.

  The operation acquisition unit 209 acquires operation information transmitted from the PCs 101a to 101e via the communication unit 220. It is assumed that a user ID and an operation time when the operation is performed are given to the acquired operation information. Thereafter, the operation acquisition unit 209 associates the user ID given to the acquired operation information, the operation time given to the operation information, and the operation history (acquired operation information) indicating the operation performed by the user. At the same time, it is registered in the operation history storage unit 203.

  Based on the signals input from the ID readers 130a and 130b, the ID acquisition unit 210 acquires the user ID of the user who has entered and exited together with the entrance / exit information indicating that the user has entered or exited the room. Thereafter, the ID acquisition unit 210 uses the time when the signal is input as the room entry time or the room exit time, and associates the acquired user ID with the room name provided with the ID reader 130a, b in the ID history storage unit 204. sign up. For this purpose, the ID acquisition unit 210 associates the room name with the ID readers 130a and 130b in advance. Thereby, when a signal is input from the ID readers 130a and 130b, the name of the room where the room is entered or exited can be specified. When the entry / exit information is entry, the time when the signal is input is registered as the entry time, and when the entry / exit information is exit, the time when the signal is input is registered as the exit time.

  In the present embodiment, the specific information acquisition unit 231 includes the image acquisition unit 207, the audio acquisition unit 208, the operation acquisition unit 209, and the ID acquisition unit 210 described above, and is obtained from the work environment when a plurality of users collaborate. Get specific information. The work environment includes a work room and PCs 101a to 101e used for work. That is, the ID information of the user who has entered and exited the work room, the audio information and image information acquired inside the work room, and the operation information of the PC are the specific information.

  The data storage unit 206 stores the electronic data acquired by the data acquisition unit 211.

  The data acquisition unit 211 acquires electronic data transmitted from the PCs 101a to 101e via the communication unit 220. Then, the data acquisition unit 211 stores the acquired electronic data in the data storage unit 206.

  The history management unit 233 includes a specific information acquisition unit 231, a specific information storage unit 232, a data acquisition unit 211, a data storage unit 206, and a data usage period storage unit 205, and includes operations of the PCs 101a to 101e, voice, entry / exit time, and An image (including still images and moving images) is acquired and stored. Moreover, user ID is matched with these specific information (operation, an audio | voice, entrance / exit time, and an image). Furthermore, the history management unit 233 also manages the acquisition and accumulation of electronic data accessed by the user and the usage period of the electronic data. Then, based on the information managed by the history management unit 233, it is determined whether or not the user is a collaborator.

  The collaborator storage unit 213 stores information on users who are determined to be collaborating by a collaborator determination unit 212 described later. As illustrated in FIG. 8, the collaborator storage unit 213 stores time, user 1, and user 2 in association with each other. For 10 minutes from the time indicated in the time, it is stored that the user with the user ID stored in the user 1 and the user with the user ID stored in the user 2 are collaborating. For example, from 14:50 to 15:00, userA and userC were collaborating.

  The collaborative work data storage unit 214 stores electronic data names used between users who are collaborating. As shown in FIG. 9, the joint work data storage unit 214 stores time, an electronic data group (one or a plurality of electronic data names), and a joint work user group in association with each other. That is, the collaborative work data storage unit 214 uses the electronic data used by each of the user groups determined to be collaborating in the time zone in which the collaborator storage unit 213 determines that the collaborative work is being performed. The file name of data is stored.

  The collaborator determination unit 212 includes an image proximity determination unit 221, an audio proximity determination unit 222, an operation commonality determination unit 223, and a room user determination unit 224, and is stored in the specific information storage unit 232. Whether or not a plurality of users are collaborators based on the results of processing the various types of specific information by the image proximity determination unit 221, the audio proximity determination unit 222, the operation commonality determination unit 223, and the room user determination unit 224. Determine.

  The image proximity determination unit 221 includes an image user identification unit 241 and determines a user who is close based on the image information stored in the image history storage unit 201.

  The image user identification unit 241 identifies a user who is reflected in the image information stored in the image history storage unit 201. Any identification method may be used as the user identification method, but in the present embodiment, proximity determination by face image recognition is performed.

  In other words, the image user identification unit 241 according to the present embodiment uses a face image recognition technique for the image information stored in the image history storage unit 201 (a face image portion). ). Then, the image user identification unit 241 calculates, for example, the relationship between the position of the eyes and the position of the mouth as a feature amount from each extracted human face image portion. After identifying the positional relationship, the image user identifying unit 241 compares the image information stored in the image history storage unit 201 with the facial image feature amount of each user stored in the PC server 100 in advance. Make a decision. Thereby, the image user identification unit 241 can identify whether or not the person shown in the image information is a registered user.

  As the face recognition technology, for example, it is conceivable to use a publication number P2003-256613 of a patent document. In this case, face recognition processing is performed according to the following processing procedure. First, the image user identification unit 241 selects individual still image frames of image information input from the PCs 101a to 101e. Next, the image user identification unit 241 determines whether or not there is a face image in the selected still image frame. If it is determined that no face image exists, the process for the still image frame is terminated, and the process is performed for the next still image frame.

  On the other hand, the image user identification unit 241 performs face area detection, pupil area detection, and nostril area detection on the still image frame currently being determined, and then features such as normalized feature point positions. Generate a vector pattern representation by extraction. After that, the image user identification unit 241 compares the registered user's feature vector pattern group registered in advance. For example, when the similarity exceeds 0.8, the registered user is reflected in the still image frame. It is determined that

  Then, based on the identification result of the image user identification unit 241, the image proximity determination unit 221 includes a user who owns the PC 101a if a user other than the user who owns the PC 101a is captured in the still image frame. It is determined that the reflected user is in the vicinity. These processes are performed on all still image frames included in the image information.

  When the collaborator determination unit 212 includes a plurality of users in the image information captured by the cameras 120a to 120e included in the PCs 101a to 101e based on the determination result of the image proximity determination unit 221. Are working at the same place, it is determined that the plurality of users are collaborating.

  The audio proximity determination unit 222 determines whether or not a plurality of users are in proximity based on the audio information stored in the audio history storage unit 202. The proximity determination according to the present embodiment is performed based on the property that a highly common voice is input to the adjacent microphone. As a detailed processing procedure, first, the speech proximity determination unit 222 selects two pieces of speech information f (tA) and f (tB) stored in the speech history storage unit 202, and performs cross-correlation rAB for the same time portion. Is calculated. Then, the voice proximity determination unit 222 determines commonality based on whether or not the correlation value exceeds a predetermined threshold. And the audio | voice proximity | contact determination part 222 can determine whether there exists a common part in an audio | voice by performing the said process, shifting time. The voice proximity determination unit 222 further selects all two combinations in the voice information acquired from all PCs at the same time, and performs commonality determination based on cross-correlation. Thereby, it can be determined whether each user is close.

  In the present embodiment, processing is performed according to the following procedure using generally known cross-correlation calculation. First, the voice proximity determination unit 222 divides the voice information (acquired from each of the PCs 101a to 101e) stored in the voice history storage unit 202 every predetermined unit time. In the present embodiment, the predetermined unit time is set to 5 minutes. Then, the voice proximity determination unit 222 selects the voice information obtained from each of the two PCs among the divided voice information and having the same time interval.

Next, an example in which audio information acquired from the PC 101a and the PC 101b is selected will be described. The voice proximity determining unit 222 compares the voice information of the user A microphone 102a acquired from the PC 101a and the voice information of the user B microphone 102b acquired from the PC 101b shown in FIG. At this time, the voice proximity determination unit 222 calculates a cross-correlation in which one sound is shifted by 1 millisecond from −10 milliseconds to 10 milliseconds. In the example shown in FIG. 10, the shift width is shown as _lab / v.

Then, the voice proximity determination unit 222 sets the highest cross-correlation value as the similarity. In FIG. 10, the similarity is indicated by r _{A → B.} Next, the audio proximity determination unit 222 determines whether the similarity exceeds a predetermined threshold value (r _th ). When it is determined that the similarity exceeds the threshold value (r _th ), it can be considered that the two voice information is input with a common voice. That is, the sound proximity determination unit 222 determines that the two sound information is sound information input from a close microphone. The threshold value (r _th ) is set to 0.8, for example.

  The above-described processing is performed for all combinations of the voice information stored in the voice history storage unit 202. Thereby, it can be determined whether or not all the microphones included in the PC are close to each other.

  In addition, although different from the present embodiment, generally speaking users are in close proximity or collaborative work based on the rule of speaking alternately without continuing speaking at the same time. You may judge that you are doing. Specifically, the timing of speech start and speech end of the user who is the owner of the PC is detected from the volume change of the voice information input from the microphone provided in each PC, and the speech start and speech end of each PC is detected. Judgment is made based on whether or not the timing is alternately performed.

  Returning to the first embodiment, the operation commonality determination unit 223 includes a data similarity determination unit 243, and refers to the operation history stored in the operation history storage unit 203 to perform operations of a plurality of users during work. It is determined whether there is commonality. The commonality of operations according to the present embodiment is determined based on the similarity of electronic data used by each user. That is, when the data similarity determination unit 243 determines that the similarity of electronic data is high among a plurality of users, the operation commonality determination unit 223 determines that the operations among the plurality of users are common. it can.

In the present embodiment, as an example of electronic data similarity determination, electronic data name similarity determination is performed. As a method for determining the similarity of electronic data names, that is, character strings, for example, a technique called TF-IDF is generally known, but in this embodiment, the similarity of relatively short character strings such as electronic data names is known. Therefore, it is determined simply by the length of the maximum continuous common character string with respect to the length of the character string. Specifically, the similarity ratio between two electronic data is calculated by the following equation (1). Note that the character string length of the electronic data name is the shorter of the character string lengths of the plurality of electronic data. The maximum continuous common character string length is the length of the maximum partial character string included in the two electronic data.
Similarity ratio = Maximum continuous common character string length / Character string length of electronic data name (1)

  And the data similarity discrimination | determination part 243 concerning this Embodiment will judge that the said some electronic data name is similar if a similarity rate is 0.7 or more between two electronic data. The data similarity determination unit 243 determines the similarity of the electronic data names described above by determining the commonality of the electronic data that each user has started using at the same time based on the electronic data names, and starting the use. If the times are significantly different, the similarity is not judged. The deviation in the use start time, which is a criterion for determining whether or not the similarity is to be determined, is determined based on a general work time or the like. In the present embodiment, an example in which the difference in use start time is set to 5 minutes will be described.

  That is, the data similarity determination unit 243 uses the electronic data when the similarity of the electronic data names between the electronic data excluding the extension of the document name is 0.7 or more and is used within 5 minutes. Are judged to be similar. This is based on the reason that there is a high possibility that collaborative work is started between users if files having similar electronic file names are started almost simultaneously. By the way, although it may be determined whether or not the work is a joint work only with the rule, the accuracy of determination as to whether or not the work is a joint work is further improved by combining with other rules. Therefore, in the present embodiment, it is determined whether or not it is a joint work by combining the above-described determination results and the like.

  For example, when the data similarity determination unit 243 determines similarity for the data illustrated in FIG. 5 in the operation history storage unit 203 illustrated in FIG. 5, “work1.txt”, “work1.doc”, It is determined that the file names of “work1-2.txt” are similar, and the operation commonality determination unit 223 determines that userA, userB, and userC have common operations.

  In this embodiment, the similarity of electronic data is determined based on the electronic data name. However, the electronic data name is not limited to the electronic data name and is included in each electronic data used by a plurality of users. Similarity may be judged between documents, and character strings (keywords) included in electronic data documents are compared to determine whether related electronic data is used. May be. Then, when the documents are similar and when it is determined that the related electronic data is used, it is determined that the operations between the users are common.

  The same room user determination unit 224 determines a user who is present in the same room from the entry time and the exit time of each user stored in the ID history storage unit 204. In the example illustrated in FIG. 6, the same room user determination unit 224 determines that userA and userB existed in the same room (working room A) from 14:49 to 15:29. That is, from 14:49 to 15:29, it can be determined that there is a possibility that userA and userB are collaborating. In addition, the same room user determination unit 224 determines whether all combinations among users existed in the same room. As described above, users in the same room are not always collaborating. Therefore, in the present embodiment, it is determined whether the user is performing collaborative work in combination with the determination result described above.

  Then, the collaborator determination unit 212 performs collaborative work between users based on the determination results of the image proximity determination unit 221, the audio proximity determination unit 222, the operation commonality determination unit 223, and the same room user determination unit 224. It is determined whether or not. Specifically, the determination results of the determination results of the image proximity determination unit 221, the audio proximity determination unit 222, the operation commonality determination unit 223, and the room user determination unit 224 are weighted, and these determination results are integrated. If it is equal to or greater than the predetermined threshold value, it is determined that collaborative work is performed.

  In the example illustrated in FIG. 11, regarding the determination result between users, the determination result of the image proximity determination unit 221 is in the image determination field, the determination result of the sound proximity determination unit 222 is in the sound determination field, and the determination of the operation commonality determination unit 223 is The result is stored in the operation determination field, and the determination result of the same room user determination unit 224 is stored in the same room determination field as “◯” or “×”. When it is determined that the image proximity determination unit 221 is close, when the audio proximity determination unit 222 is determined to be close, or when the operation commonality determination unit 223 determines that the operation is common, When the person determination unit 224 determines that the person is present in the same room, “◯” is displayed.

  For example, in this embodiment, the weight of the determination result in the image determination field and the sound determination field is set to “1”, and the weight of the operation determination field and the room determination field is set to “0.5”. When the determination result is “◯”, the above-described values are added. When the addition result exceeds the threshold “1”, the collaborator determination unit 212 determines that the collaborative work is being performed. This determination result is shown in the comprehensive determination result field of FIG.

  In other words, the determination rule of being a collaborator in the present embodiment first determines that two users determined to be close in the image information are performing a collaborative work. Next, in the audio information, it is determined that the two users determined to be close are performing a joint work. Furthermore, when it is determined that the operations are common, it is determined that the two users are working together if it is determined that they are in the same room. In other cases, it is determined that the collaborative work is not performed.

  In the example illustrated in FIG. 11, the collaborator determination unit 212 determines that three pairs of userA and userB, userB and userC, and userA and userC were performing collaborative work at 15:00. That is, the joint worker determination unit 212 determines that three people are performing joint work. Then, the joint worker determination unit 212 registers the determination result in the joint worker storage unit 213.

  The data use period specifying unit 225 specifies the use period in which each electronic data is used based on the operation information stored in the operation history storage unit 203. The usage period in which the data is used is from the time “open” to the time “closed” in the operation information.

  Further, the data use period specifying unit 225 obtains the user ID and the electronic data name of the electronic data that has been accessed by the user indicated by the user ID from the operation information stored in the operation history storage unit 203. Then, it is registered in the data use period storage unit 205 in association with the specified time period. That is, the data use period specifying unit 225 has a function as an acquisition unit that acquires a user ID and an electronic data name.

  The above-described configuration performs accumulation of history, determination of a collaborator based on the history, and specification of use time of electronic data. Next, a configuration for performing access control when a user accesses electronic data will be described.

  The request accepting unit 215 accepts electronic data use requests received from the PCs 101 a to 101 e via the communication unit 220. The reception of the use request is the starting point for determining whether or not the user has the authority to access electronic data to be described later. First, a procedure for accessing in this embodiment will be described.

  First, when the user inputs the keyword “work1” on the electronic data search screen displayed on the PCs 101 a to 101 e, the communication unit 257 of the PCs 101 a to 101 e transmits the keyword “work1” to the PC server 100. . Then, the PC server 100 searches the data storage unit 206 using the keyword “work1”. Then, the communication unit 220 of the PC server 100 transmits the search result to the PCs 101a to 101e. Accordingly, the display processing unit 256 of the PCs 101a to 101e displays a list of electronic data including the keyword.

  Then, it is assumed that user B selects “work1.ppt” from the list of electronic data shown in FIG. 12 and requests access to the electronic data. In this case, the request output unit 258 outputs the request. Then, the request receiving unit 215 of the PC server 100 receives the request via the communication unit 220.

  Then, the access determination unit 226 determines whether the user has the right to access the electronic data when the request reception unit 215 receives the request. Specifically, the access determination unit 226 refers to the collaborator storage unit 213 and the data usage period storage unit 205, and the user who requested access accesses the user who used the electronic data to be accessed. It is determined whether or not a collaborator. If it is determined that it is not a collaborator, the request is discarded. The user who uses the electronic data to be accessed can be specified by referring to the data use period storage unit 205.

  Furthermore, when it is determined that the access determination unit 226 is a collaborator, the access determination unit 226 refers to the collaborator storage unit 213 and the data usage period storage unit 205 to request It is determined whether the usage time of the target electronic data is included.

  Then, the access determination unit 226 stores the determination result in the joint work data storage unit 214. Further, the access determination unit 226 may perform the above-described process without receiving a request for a request from the PCs 101 a to 101 e and store the determination result in the joint work data storage unit 214.

  The access control unit 219 controls electronic data that is a target of a request accessed from the PCs 101a to 101e. In the present embodiment, the user who made the request by the access determination unit 226 and the user who uses the electronic data are collaborators, and the usage time of the electronic data is included in the time zone in which the users are collaborating. If the access control unit 219 determines that the request has been made, the access control unit 219 permits access to the electronic data to be requested and transmits the electronic data to the requesting PC via the communication unit 220.

  In the example illustrated in FIG. 12, when the user B requests access to the electronic file “work1.ppt”, the access determination unit 226 refers to the collaborator storage unit 213 and the data use period storage unit 205 to refer to the “work1” It can be determined that the user A and the collaborator are using “.ppt”. As shown in FIG. 7, the usage period of “work1.ppt” is “2007/6/18 15:00” to “2007/6/18 15:21”, and as shown in FIG. 8, userA and userB Since it is a collaborator from 15:00, the access determination part 226 determines with the use period being included in the time slot | zone which is collaborating. Therefore, user B can access “work1.ppt” under the control of the access control unit 219. If the user who made the request is user D (user ID = userD), access to the electronic data is not permitted.

  Further, if the determination result of the access determination unit 226 is already stored in the joint work data storage unit 214, the access control unit 219 does not perform the determination process of the access determination unit 226 after receiving a request for the request. Referring to the collaborative work data storage unit 214, when the requesting user is associated with the electronic data that is the target of the request, control is performed to transmit the electronic data to the requesting PC. Also good.

  In the present embodiment, it is possible not only to search for electronic data, but also to access accessible electronic data from the history of collaborators. For example, when a user ID and a history transmission request are received as requests from the PCs 101a to 101e, it is conceivable to output the user ID and the like that performed the joint work.

  The collaborator extracting unit 216 refers to the collaborative work data storage unit 214 and extracts the request requesting user ID, the user ID of the user who performed the collaborative work, and the electronic data name used during the collaborative work. To do. At this time, the collaborator extracting unit 216 may refer to the data use period storage unit 205 and associate the extracted electronic data with the extracted user ID according to the usage relationship.

  The collaborator extraction unit 216 refers to the collaborator storage unit 213 instead of the collaborator data storage unit 214 when extracting the user who has collaborated, and the user of the user who performed the collaborative work The ID may be extracted. In this case, the collaborator extraction unit 216 further refers to the data use period storage unit 205, and an electronic data name indicating the electronic data in which the use period of the electronic data is included in the time zone during which the collaborative work has been performed. To extract. As a result, it is possible to extract the user ID of the user who performed the collaborative work in association with the electronic data used by the user who performed the collaborative work.

  The collaborator output unit 217 outputs the user ID extracted by the collaborator extractor 216 and the electronic data name to the request requesting PCs 101 a to 101 e via the communication unit 220.

  As shown in FIG. 13, the display processing unit 256 of the PCs 101a to 101e performs display processing of the user ID of the user who performed the joint work and the electronic data name used during the joint work. When the user selects an electronic data name with the cursor 1301, an access request for the electronic data is made. Since the procedure when an access request is made is as described above, a description thereof will be omitted. With this processing procedure, the user can easily access desired electronic data.

  Further, when the user designates electronic data on the PCs 101a to 101e, a history regarding the electronic data may be displayed and selection may be accepted.

  The collaborative work extraction unit 218 refers to the collaborative work data storage unit 214 and extracts a collaborative work in which electronic data indicated by the electronic data name designated by the user is accessed.

  In the example illustrated in FIG. 14, when the user uses the PCs 101 a to 101 e and designates “memo.txt” 1401, the request output unit 258 outputs the history together with the file name “memo.txt” 1401. The request is transmitted as a request to the PC server 100. When the request reception unit 215 of the PC server 100 receives the request, the joint work extraction unit 218 refers to the joint work data storage unit 214 and extracts record information including the file name. The extracted record information is transmitted to the PCs 101 to e that have made the request via the communication unit 220. In addition, as shown in FIG. 9, the extracted record information associates the time when the collaborative work is performed, the electronic data group used in the collaborative work, and the user group who performed the collaborative work. .

  Then, as shown in the window 1402 in FIG. 14, the display processing unit 256 displays the date (information about time) and the user ID associated with the date among the record information received by the communication unit 257. Process. When the user selects the time and user ID for which display processing has been performed, a list processing 1403 of electronic data names associated with the selected time and user ID is displayed. Then, the user makes a request for access to the electronic data by designating the presented electronic data name. As a result, the user can easily access the electronic data.

  That is, when the user designates electronic data, and when the server PC 100 accepts the electronic data name as a request, the user selects other electronic data associated with the electronic data name in the joint work data storage unit 214. This means that the access control unit 219 performs control for permitting access.

  Next, a procedure for determining a collaborator of the PC server 100 shown in FIG. 1 will be described with reference to FIG.

  First, the specific information acquisition unit 231 acquires operation information, audio information, image information, entrance / exit information, and a user ID that has entered / exited as specific information from the PCs 101 to e and the ID readers 130a and 130b ( Step S1501).

  Then, the specific information acquisition unit 231 registers the acquired specific information (operation information, audio information, image information, and the user ID that has entered and exited the room and the user ID that entered / exited) in each storage unit of the specific information storage unit. (Step S1502). More specifically, the operation information is stored in the operation history storage unit 203, the audio information is stored in the audio history storage unit 202, the image information is stored in the image history storage unit 201, and the user ID that has entered and exited the room and the ID of the user who entered and exited the room are stored in the ID history. Registered in the unit 204.

  Next, the data use period specifying unit 225 specifies the data use period from the operation information stored in the operation history storage unit 203, and registers the use period in the data use period storage unit 205 (step S1503).

  Then, the image proximity determination unit 221 determines a user who is close based on the image information stored in the image history storage unit 201 (step S1504).

  Next, the audio proximity determination unit 222 determines whether or not a plurality of users are close based on the audio information stored in the audio history storage unit 202 (step S1505).

  Then, the operation commonality determination unit 223 refers to the operation history stored in the operation history storage unit 203 to determine whether or not there is commonality among a plurality of users during work (step S1506).

  Furthermore, the same room user determination unit 224 determines a user who is present in the same room from the entry time and the exit time of each user's room stored in the ID history storage unit 204 (step S1507).

  Thereafter, the collaborator determination unit 212 determines whether or not a plurality of users are collaborators based on the determination results in steps S1504 to S1507 (step S1508).

  Then, the collaborator determination unit 212 associates two user IDs determined to be collaborators, and registers them in the collaborator storage unit 213 together with the time when the work was performed (step S1509).

  Next, a processing procedure when the PC server 100 accepts an electronic data access request will be described with reference to FIG.

  First, the request receiving unit 215 determines whether an electronic data use request has been received from the PCs 101a to 101e (step S1601). The usage request includes the name of the electronic data to be accessed and the user ID of the user who made the access request. If it is determined that a usage request has not been received (step S1601: No), the process is repeated.

  If it is determined that the use request has been received (step S1601: Yes), the access determination unit 226 determines whether the electronic data name included in the use request has already been registered in the joint work data storage unit 214. (Step S1602).

  If it is determined that the user is registered (step S1602: Yes), the access determination unit 226 determines whether the user who has made the access request is a collaborator (step 1603). Specifically, when the access determination unit 226 associates the user ID included in the access request with the name of the electronic data that requested the access in the joint work data storage unit 214, the electronic data Determine that you are a collaborator and user. And when it determines with it not being a collaborator (step S1603: No), it complete | finishes without performing a process in particular. If it is determined that the worker is a collaborator (step S1603: YES), the process of step S1608 is continued.

  On the other hand, when the access determination part 226 determines that it is not registered (step S1602: No). The access determination unit 226 determines whether the user who has requested access is a user who uses the electronic data to be accessed and a collaborator (step S1604). If it is determined that the worker is not a collaborator (step S1604: No), the process ends without performing any particular processing.

  On the other hand, when the access determination unit 226 determines that the worker is a collaborator (step S1604: Yes), the usage period of the electronic data requested to be requested is extracted from the data usage period storage unit 205 (step S1605).

  Then, the access determination unit 226 determines whether or not the usage period is included in the time zone in which the worker is a collaborator (step S1606). Note that the time zone of being a collaborator can be identified from the collaborator storage unit 213. If it is determined that the usage period is not included (step S1606: No), the process ends without performing any particular processing.

  On the other hand, when it is determined that the use period is included in the time zone when the access determination unit 226 was a collaborator (step S1607: Yes), the time when the collaborative work was performed using the electronic data, The user IDs of a plurality of users determined to be working are associated with the electronic data names of the electronic data used in the joint work and registered in the joint work data storage unit 214 (step S1607).

  After that (after step S1607 or step S1603: Yes), the access control unit 219 permits access to the electronic data that is the target of the access request, acquires the electronic data from the data storage unit 206, Control is performed to transmit to the PC that made the access request via the communication unit 220 (step S1608). Thereby, the user who made the access request can access the electronic data.

  In the present embodiment, a camera and a microphone are provided for each user, but the present invention is not limited to such facilities. For example, when the work room A is provided with one camera, the distance between users is calculated from image data captured by the camera, and when working within a predetermined distance, these users are determined to be collaborators. Also good.

  In the present embodiment, whether or not a collaborator is a member is determined based on the similarity of image, sound, and electronic data name (commonness of operation), and whether or not they are in the same room. Not all are necessary, only one or more. Furthermore, the determination as to whether or not the worker is a collaborator may be made based on criteria other than the similarity of image, sound, and electronic data name (commonness of operation) and whether or not they are in the same room. .

  In the present embodiment, it is possible to easily realize access control that enables access to the electronic data used in the collaborative work for the user who has performed the collaborative work. This makes it easier for the user to use the data. In addition, since the electronic data does not permit access to users who are not collaborating, security (safety) can be improved.

(Modification of the first embodiment)
Moreover, it is not limited to 1st Embodiment mentioned above, Various modifications which are illustrated below are possible. For example, in the first embodiment, the operation commonality by the operation commonality determination unit 223 is determined based on the electronic data name. However, the determination is not limited to such determination. Therefore, in this modification, it is assumed that a determination is made based on an operation input.

  It is assumed that the operation commonality determination unit according to this modification includes an operation activity level extraction unit. The operation activity extraction unit extracts the operation activity from the operation information stored in the operation history storage unit 203. The operation activity level indicates a degree indicating whether or not an operation input has been received from the user. The value is '1' when an operation is input, and the value is '0' when there is no operation input.

  Then, the operation commonality determination unit determines the commonality of operations of a plurality of users by comparing the extracted operation activities. That is, as shown in FIG. 17, the operation activity extracted from the operation information input from the PC 101a is compared with the operation activity extracted from the operation information input from the PC 101b. Then, after the activity level of a plurality of users becomes “0” within a predetermined time, and the activity level of a plurality of users becomes “1” within a predetermined time, the operations have commonality. Judge that there is. In other words, since a plurality of users stopped the operation almost at the same time (reference numerals 1701 and 1702) and then started the operation almost at the same time (reference numerals 1704 and 1705), it can be determined that they are collaborating while communicating with each other. . Note that if one user starts and stops an operation while the operation of each other is stopped (reference numeral 1703), it is not considered as an element of determination. Thereby, when it is determined that there is a common operation among a plurality of users, it can be determined that the possibility of being a collaborator is high.

(Second Embodiment)
In the first embodiment, the PC server 100 manages the history of specific information and performs access control on electronic data. However, it is not limited to collective management by the PC server 100 as in the first embodiment. Therefore, in the second embodiment, a case where access control is performed between PCs will be described.

  FIG. 18 is a block diagram illustrating configurations of the PC 1800 and the PC 1850 according to the second embodiment. The PC 1800 and the PC 1850 are configured to include one PC (101a to 101e) of the first embodiment and the PC server 100. Then, the history information necessary when requesting data access is transmitted to the requesting partner's PC, the collaborator is determined in the partner PC, and as a result, the user has data access rights. Is confirmed, the right to access the electronic data or the electronic data itself is transmitted.

  In the PC 1800, one of the PCs (101a to 101e) of the first embodiment and the data acquisition unit 211 are deleted, and each component of the specific information acquisition unit 231 is different from the PC server 100 in the request reception unit 1807. Included, a specific information storage unit 1832 that stores different data from the specific information storage unit 232, a request output unit 1806 that has a different process from the request output unit 258, a data generation unit 1810, The data use period specifying unit 225 is different from the data use period specifying unit 225 in that it includes a collaborator determination unit 1808, the access determination unit 226 is deleted, and the access control unit 219 includes an access control unit 1809 different in processing. Note that the description of the configuration of the PC 1800 of this embodiment that is the same as that of the first embodiment is omitted. Next, the configuration of the PC 1800 will be described.

  The specific information storage unit 1832 includes an image history storage unit 1801, an audio history storage unit 1802, an operation history storage unit 1803, and an ID history storage unit 1804. The image history storage unit 1801, the audio history storage unit 1802, the operation history storage unit 1803, and the ID history storage unit 1804 are the image history storage unit 201, the audio history storage unit 202, the operation history storage unit 203, and the first embodiment. The data structure is the same as that of the ID history storage unit 204, but the stored data only stores the history related to the user who has logged into the PC 1800.

  That is, the image history storage unit 1801 stores the image information input by the image input processing unit 253. The voice history storage unit 1802 stores the voice information input by the voice input processing unit 252.

  The operation history storage unit 1803 stores operation information received by the operation input receiving unit 251 and subjected to input processing by an operation information input processing unit 261 (not shown). The ID history storage unit 1804 stores the entry / exit history of only the user who has logged in to the PC 1800 that has been input from the ID readers 130a and 130b.

  The data generation unit 1810 generates electronic data according to the operation received by the operation input reception unit 251. Note that the generated electronic data is stored in the data storage unit 206. The electronic data is a target of whether or not to permit access to other users.

  The history management unit 1831 includes a specific information storage unit 1832, a data generation unit 1810, a data usage period storage unit 1805, and a data storage unit 206, and manages the history of users who use the PC 1800.

  The request output unit 1806 issues and outputs a use request (request) for data accessed by the collaborator during the collaborative work. The request output unit 1806 also transmits various specific information stored in the image history storage unit 1801, the audio history storage unit 1802, the operation history storage unit 1803, and the ID history storage unit 1804 when transmitting the request. . This specific information is also associated with information such as time and user ID.

  In the present embodiment, in order for the request output unit 1806 to output the specific information, the user designates a time zone (for example, 2007/6/18 15:00) when the user has referred to the electronic data requesting access. This designated time zone corresponding time zone (in this embodiment, since history information is managed in units of 10 minutes, from 15:00 to 15:10) corresponds to an access request. The unit 1806 transmits the specific information of the time zone.

  The request reception unit 1807 includes an image acquisition unit 1811, an audio acquisition unit 1812, an operation acquisition unit 1813, and an ID acquisition unit 1814. The request reception unit 1807 receives electronic data received from another PC (1850) via the communication unit 257. Accept usage requests and specific information.

  The image acquisition unit 1811 acquires the image information received together with the usage request. This image information is associated with the user ID of the user who was logged in when the image information was photographed and the time when the photographing was started.

  The voice acquisition unit 1812 acquires the voice information received together with the usage request. This audio information is associated with the user ID of the user who was logged in when the image information was captured, and the time when audio recording started.

  The operation acquisition unit 1813 acquires the operation information received together with the usage request. This operation information is associated with the user ID of the user who performed the operation and the time when the operation was accepted.

  The ID acquisition unit 1814 acquires the user ID received together with the usage request. This user ID is associated with the time when the room was entered / exited and the name of the room where the room was entered / exited.

  The collaborator determination unit 1808 uses the PC 1800 using various types of specific information stored in the specific information storage unit 1832 and various types of specific information acquired by the voice acquisition unit 1812, the operation acquisition unit 1813, and the ID acquisition unit 1814. It is determined whether the user who is using the PC 1850 who has requested access to the electronic data is a collaborator. The determination procedure is the same as in the first embodiment, and a description thereof is omitted. When it is determined that the worker is a collaborator, the determination result is stored in the collaborator storage unit 213. This makes it possible to access the electronic data without transmitting specific information from the next time.

  If it is determined that the collaborative work has been performed, the access control unit 1809 refers to the data use period storage unit 1805, specifies the electronic data used in the time period, and then uses the specified electronic data to the PC 1850. Control to send to. As a result, a group of electronic data including electronic data that the user who requested the request wanted to access can be used. Further, the access control unit 1809 registers the result of specifying the electronic data in the joint work data storage unit 214 in advance.

  Thereby, the user who requests access succeeds in acquiring the data of the user who has been collaborating by outputting his / her specific information. In addition, it is possible to prevent the user's specific information using the electronic data requested to be accessed from being referred to by the user who requested the access, and to transmit only data that can be permitted access to the user who requested the access. it can.

  Next, a processing procedure when accessing electronic data in the PC 1800 and the PC 1850 will be described with reference to FIG.

  First, the PC 1850 outputs the specific information regarding the user B in the designated time zone together with the request (step S1901).

  Then, the PC 1800 receives the specific information regarding the user B in the designated time zone together with the request (step S1911).

  Next, the collaborator determining unit 1808 of the PC 1800 determines whether or not the collaborator is a collaborator in the designated time period from the specific information stored in the PC 1800 and the received specific information (step S1912). . The processing procedure is the same as in the first embodiment, and a description thereof is omitted.

  If it is determined that the worker is a collaborator, the access control unit 1809 of the PC 1800 outputs electronic data used in the time period to the PC 1850 (step S1913).

  As a result, the PC 1850 inputs electronic data when collaborating (step S1902). Thereby, the user who used PC1850 can use the electronic data at the time of collaborating.

  In this embodiment, in addition to the effects shown in the first embodiment, the specific information of each user is managed by each user's PC, and when the user makes a request request, in other words, the user permits Only in some cases, the specific information is transmitted to other users, so that the user himself / herself manages the information of each user, so that privacy can be protected and security can be improved.

  Furthermore, since it is not necessary to collectively manage electronic data, the data holding capacity can be reduced.

  As shown in FIG. 20, the PC server 100 and PC (1800, 1850) of the above-described embodiment includes a ROM 2002 in which a data access control program for performing the above-described processing is stored as a hardware configuration, and a ROM 2002 CPU 2001 for controlling each part of PC server 100 and PC (1800, 1850) in accordance with the program, RAM 2003 serving as a data storage area, communication I / F 2005 for communication connected to a network, input device 2006, and display A device 2007, an HDD (Hard Disk Drive) 2008 that stores information, and a bus 2004 that connects each unit are provided.

  The data access control program may be provided by being recorded in a computer-readable recording medium such as a CD-ROM, a floppy (registered trademark) disk (FD), a DVD or the like in an installable or executable format file. Good.

  In this case, the data access control program is loaded on the RAM 2003 by being read from the recording medium and executed by the PC server 100 and PC (1800, 1850), and the respective units described in the software configuration are generated on the RAM 2003. It has come to be.

  Further, the data access control program of the above-described embodiment may be provided by being stored on a computer connected to a network such as the Internet and downloaded via the network.

  As described above, the present invention has been described using the embodiment. However, the configuration of the above embodiment can be combined, and various modifications or improvements can be added to the above embodiment.

It is a figure explaining the outline | summary at the time of the joint work concerning 1st Embodiment. It is a block diagram which shows the structure of PC101a and PC server 100 concerning 1st Embodiment. It is the figure which showed the table structure of the image history memory | storage part concerning 1st Embodiment. It is the figure which showed the table structure of the audio | voice log | history memory | storage part concerning 1st Embodiment. It is the figure which showed the table structure of the operation history memory | storage part concerning 1st Embodiment. It is the figure which showed the table structure of the ID log | history memory | storage part concerning 1st Embodiment. It is the figure which showed the table structure of the data use period memory | storage part concerning 1st Embodiment. It is the figure which showed the table structure of the collaborator memory | storage part concerning 1st Embodiment. It is the figure which showed the table structure of the joint work data storage part concerning 1st Embodiment. It is explanatory drawing which showed the outline | summary of the determination process whether the user is approaching by the audio | voice proximity | contact determination part. It is explanatory drawing which showed the example of the determination result by a joint worker determination part. It is the screen figure which showed the example of the search result which the display process part of PC displays. It is the screen figure which showed the example of the collaborative work history which the display process part of PC displays. FIG. 6 is a screen diagram illustrating an example of a screen that traces up to electronic data used by another user at the time of collaborative work using the electronic data when electronic data is designated. It is the flowchart which showed the process sequence until it determines a collaborator in the PC server concerning 1st Embodiment. 4 is a flowchart showing a processing procedure from when an access request is accepted until access to electronic data is permitted in the PC server according to the first embodiment. It is explanatory drawing which showed the outline | summary at the time of determining the commonality of operation concerning the modification of 1st Embodiment. It is a block diagram which shows the structure of PC concerning 2nd Embodiment. It is a sequence diagram which shows the process at the time of outputting an access request in PC concerning 2nd Embodiment. It is a figure which shows the hardware constitutions of PC server and PC.

Explanation of symbols

100 PC server 101a-e PC
102a to e Microphone 110 Screen 120a to e Camera 130a and b ID reader 201 Image history storage unit 202 Voice history storage unit 203 Operation history storage unit 204 ID history storage unit 205 Data usage period storage unit 206 Data storage unit 207 Image acquisition unit 208 Voice acquisition unit 209 Operation acquisition unit 210 ID acquisition unit 211 Data acquisition unit 212 Joint worker determination unit 213 Joint worker storage unit 214 Joint work data storage unit 215 Request reception unit 216 Joint worker extraction unit 217 Joint worker output unit 218 Joint work extraction unit 219 Access control unit 220 Communication unit 221 Image proximity determination unit 222 Audio proximity determination unit 223 Operation commonality determination unit 224 Same room user determination unit 225 Data usage period specification unit 226 Access determination unit 231 Specific information acquisition unit 232 specification Affection Storage unit 233 History management unit 241 Image user identification unit 242 Audio proximity determination unit 243 Data similarity determination unit 251 Operation input reception unit 252 Audio input processing unit 253 Image input processing unit 254 User ID addition unit 255 User ID authentication unit 256 Display Processing unit 257 Communication unit 258 Request output unit 261 Operation information input processing unit 1801 Image history storage unit 1802 Audio history storage unit 1803 Operation history storage unit 1804 ID history storage unit 1805 Data usage period storage unit 1806 Request output unit 1807 Request reception unit 1808 Joint worker determination unit 1809 Access control unit 1810 Data generation unit 1811 Image acquisition unit 1812 Audio acquisition unit 1813 Operation acquisition unit 1814 ID acquisition unit 1831 History management unit 1832 Specific information storage unit 2001 CPU
2002 ROM
2003 RAM
2004 Bus 2005 Communication I / F
2006 Input device 2007 Display device 2008 HDD

Claims (7)

A specific information acquisition unit for acquiring specific information having at least one of image information, audio information, and operation information for specifying a user;
A storage unit for storing the specific information;
An acquisition unit for acquiring user information for identifying a user and data identification information for identifying data that the user has accessed;
A usage information correspondence storage unit that stores usage information in which the user information and the data identification information are associated;
A determination unit that determines whether or not a plurality of users are collaborators based on the specific information stored in the storage unit;
An output unit for outputting the data identification information associated with the user information and the use information for identifying the user determined as the collaborator for the collaborator,
A request accepting unit that accepts an input of the data identification information to be an access request from the output data identification information;
An access control unit that allows the collaborator to access the data identified by the data identification information that has received an input ;
A data access control device comprising: A use time specifying unit for specifying the use time accessed by the user with respect to the data,
The specific information acquisition unit further acquires a specific time for specifying a work time of joint work,
The storage unit further stores the specific time in association with each other,
The usage information correspondence storage unit further stores the usage information associated with the usage time,
The determination unit further determines whether the usage time is included in the work time specified at the specific time associated with the specific information,
The access control unit is further identified by the data identification information associated with the usage time and the usage information when it is determined that the usage time is included in the work time. Granting data access to the collaborator;
The data access control device according to claim 1. The specific information acquisition unit acquires, as the specific information, the operation information performed on the data from the information processing apparatus used by each user together with the operation time when the operation was performed,
The usage time specifying unit specifies the usage time when the user accesses the data based on the operation information and the operation time.
The data access control device according to claim 2. The specific information acquisition unit acquires, as the specific information, image information obtained by photographing an area where a user is working,
The determination unit includes a user identification unit that identifies a user imaged in the image information, and determines the user identified by the user identification unit from the image information as a collaborator.
The data access control device according to claim 1, wherein The specific information acquisition unit acquires, as the specific information, audio information detected from an area where a user is working,
The determination unit determines the collaborator based on the acquired voice information;
The data access control device according to claim 1, wherein The specific information acquisition unit acquires operation information performed on data from the information processing apparatus used by each user as the specific information,
The determination unit includes a similarity determination unit that determines whether or not the plurality of pieces of data that are operation targets in the operation information acquired from a plurality of information processing devices are more than a predetermined reference. Determining a plurality of users who have operated each of the plurality of data determined to be similar to or more than the criteria of the above as collaborators,
The data access control device according to claim 1, wherein A specific information acquisition unit for acquiring specific information having at least one of image information, audio information, and operation information for specifying a user;
A storage unit for storing the specific information;
An acquisition unit for acquiring user information for identifying a user and data identification information for identifying data that the user has accessed;
A usage information correspondence storage unit that stores usage information in which the user information and the data identification information are associated;
A determination unit that determines whether or not a plurality of users are collaborators based on the specific information stored in the storage unit;
Joint work data storage for storing, in association with each other, user identification information for identifying a plurality of users determined as the joint worker by the determination unit and a plurality of the data identification information associated with the use information. And
A request receiving unit for receiving data identification information for identifying data ;
And said data identification information before Symbol request accepting unit accepts, the data identified by the data identifying information associated with the collaborative data storage unit, to the collaborators, to allow access An access control unit;
A data access control device comprising:

Images