JP5040859B2 - Information leakage prevention program and information leakage prevention method - Google Patents

Description

  The present invention relates to a technique for preventing leakage of confidential information from a computer system, and in particular, information leakage that can prevent leakage of information via the clipboard without losing the convenience of the clipboard. The present invention relates to a prevention program and an information leakage prevention method.

  In recent years, leakage of confidential information from computers has become a major social problem.

  A secret document file in which personal information, company secret information, and the like are recorded is generally protected by encryption on a computer file system. An access right is set to such a secret document file, and for example, it may be protected so that only a specific user can access it. In this way, a document whose data is protected by encryption or the like is referred to as a protected document here. Data protected by protected documents includes not only characters but also tables and figures.

  The protected document file is encrypted and stored when stored in the file system. When browsing or editing a protected document, an application corresponding to the protected document decrypts the encrypted protected document file. The protected document can be browsed and edited only on the application in an unencrypted state, and is encrypted again when stored in the file system after editing. By such a mechanism, leakage of information from the protected document is prevented.

  However, if the use of the clipboard is permitted when editing a protected document, there is a risk that confidential information may leak through the clipboard.

  In a situation where a protected document is opened and edited on the application, the protected document is not in an encrypted state. At this time, if it is permitted to copy a part or all of the text of a protected document to the clipboard and paste it into another document, if the pasted document is not a protected document (hereinafter referred to as an unprotected document), The unprotected document file including the pasted confidential information may be stored in the file system without being encrypted. That is, there is a risk that secret information may be leaked from a file of an unprotected document that is not encrypted and includes pasted secret information.

  Here is a brief description of the clipboard.

  The clipboard is a function provided by the OS, and is a shared memory area that can be used by a plurality of applications and that stores data easily on a computer. For example, when editing a document with word processing software or the like, copy and paste or cut and paste using such a clipboard is often performed.

  FIG. 10 is a diagram for explaining the mechanism of the clipboard. FIG. 10A shows an example of storing data in the clipboard 20 by copying or cutting (cutting) and acquiring data from the clipboard 20 by pasting (pasting), and FIG. 10B shows the format number and format. An example of correspondence information with names is shown. Here, the correspondence information between the format number and the format name is referred to as clipboard format correspondence information 21. The format number and format name are identification information of the format of data stored in the clipboard 20.

  As shown in FIG. 10A, in the clipboard 20, data is stored in pairs with identification information of the format of the data. Even when one data is copied or cut, when there are a plurality of corresponding formats, as many pairs of the format identification information and data as the number of formats are stored in the clipboard 20.

  For example, when a part of text is copied from a document file of a word processor, the text data of the copied text, bitmap data of the copied text, native data of the copied text (format data unique to the word processor, including control codes, etc.) ) Are stored in areas reserved for the respective formats of text data, bitmap data, and native data on the clipboard 20.

  In the clipboard 20, the format is managed by the format number as shown in FIG. The format number corresponds to the format name of each format as shown in FIG.

  The correspondence between the format number and the format name as shown in FIG. 10B is managed by the OS (clipboard 20). For example, an API (Application Programming Interface) for acquiring the format name from the format number, the format APIs for obtaining the format number from the name are prepared. An application that uses the clipboard 20 acquires a format number from the format name of the format to be used, and accesses the clipboard 20 using the format number.

  In the clipboard 20, the formats include a predetermined format and a format that can be newly defined by the user. For example, the application can store data in the clipboard 20 using an existing format such as a text data format or a bitmap data format. Also, a user or application can register a new format in the clipboard 20 and store data in the clipboard 20.

  For example, when a format name of a format newly used by the application is registered, a format number is assigned to the registered format name on the clipboard 20. When data is stored in association with the format number assigned by the application, the clipboard 20 secures a data storage area corresponding to the format number and stores the data in that area.

  A simple example of copy and paste using the clipboard 20 will be described.

  In FIG. 10A, it is assumed that a part of text data is copied from a document being viewed / edited in a process α of an application. The application stores data on the clipboard 20 in a plurality of data formats such as text data, bitmap data, and native data. At this time, the application acquires a format number corresponding to the format name of each format from the clipboard format correspondence information 21 shown in FIG. The application converts the copied text data into data of each format, and stores the data of each format in the clipboard 20 in association with the format number of each format.

  Here, in a process β of an application, the sentence data stored in the clipboard 20 is pasted into a document being viewed / edited. The process β may be the same application process as the process α, or may be a process of another application. Further, the process α and the process β may be the same process. That is, data copied in the process α may be pasted in the process α.

  In process β, the application acquires a format number corresponding to the format name of the text data format to be pasted on the document being viewed / edited from the clipboard format correspondence information 21 shown in FIG. For example, when text data is to be pasted in the text data format, the format number “1” is acquired from the format name “TEXT”. The application acquires the data stored in the clipboard 20 by specifying the format number and pastes it in the document being viewed / edited.

  As described above, by using the clipboard 20, it is possible to easily copy a sentence, an image, or the like from one document being edited to another document being edited. That is, if the use of the clipboard 20 is permitted when editing the protected document, the data copied in the protected document can be pasted in the non-protected document, so that confidential information may be leaked through the clipboard 20. There is sex.

  As a countermeasure against such information leakage through the clipboard 20, a technique for prohibiting the use of the clipboard 20 by an application is known.

  FIG. 11 is a diagram for explaining a technique for preventing information leakage by prohibiting the use of a clipboard by an application.

  As shown in FIG. 11, the file of the protected document α is encrypted on the file system 3 so that information is not leaked. When the protected document α is viewed / edited by the application, the protected document α is decrypted when the file is opened, and the protected document α is unencrypted in the protection process 150α for browsing / editing the protected document α.

  In a computer system, the process of handling a protected document in which file data is protected by encryption or prohibition of taking out, etc., is in a protection state that requires protection of the data to be handled, and control to protect the information of the document being viewed / edited Done. In the process in the protected state, control is performed so as not to leak information from other than the clipboard 20, for example, by restricting file output or forcible encryption at the time of file output. When a file of a protected document is opened in an application that can handle the protected document, the process that handles the protected document automatically enters a protected state. Here, a process in a protected state is referred to as a protected process.

  If the copy or cut of data using the clipboard 20 is permitted in the protection process 150α for browsing / editing the protected document α, information may leak from the clipboard 20.

  In order to prevent this, there is a technique for prohibiting the use of the clipboard 20 by an application or OS. As shown in FIG. 11, in the protection process 150α, copying and cutting of data using the clipboard 20 is prohibited.

  In addition, a technique is known in which an application that handles protected documents encrypts copy data and cut data and stores them in a clipboard (see, for example, Patent Document 1).

  FIG. 12 is a diagram illustrating an example of a technique in which an application that handles a protected document encrypts copy data and stores it in the clipboard.

  As shown in FIG. 12, in the protection process 150α, the application encrypts copy data from the protected document α and stores it in the clipboard 20. At this time, the encrypted data is stored in the clipboard 20 in an existing format that can be specified by all applications or processes.

  It is assumed that the paste to the protected document β is instructed in the protection process 150β for browsing / editing the protected document β. At this time, the application decrypts the encrypted data acquired from the clipboard 20 and pastes it into the protected document β. When the file of the protected document β is stored, the outflow of information from the file of the protected document β is prevented by encryption.

  In the technique shown in FIG. 12, the data stored in the clipboard 20 is encrypted. In other words, with the technique shown in FIG. 12, secret information can be copied and pasted via the clipboard 20 only by an application or process that can decrypt the encrypted data stored in the clipboard 20.

  In an application or process that does not allow acquisition of confidential information, even if encrypted data is obtained from the clipboard 20 by a paste instruction, the encrypted data cannot be decrypted. It just pastes the data. For example, encrypted data in a text data format can be acquired from the clipboard 20 by specifying an existing text data format, but the encrypted data cannot be decrypted by an application or process that is not permitted to acquire confidential information.

  In addition, a technique is known in which dummy data is added in front of output data from the memory and the data is output to output data that cannot be decoded by a third party who does not know that the dummy data has been added ( For example, see Patent Document 2). In this technique, a circuit for adding dummy data before output data is provided in the memory.

A user who knows what kind of dummy data is added can obtain regular memory data without the dummy data, but what kind of dummy data is added can be obtained. An unknown third party cannot analyze the memory data because it does not know the starting position of the legitimate memory data.
JP 2006-155155 A JP 2000-148595 A

  The above-described technology for prohibiting the use of the clipboard 20 has a problem that the convenience of the clipboard 20 cannot be obtained and it is very inconvenient to edit a document.

  In addition, the above-described technology for encrypting copy data and storing it on the clipboard has a problem that failure may occur if the copy data is pasted in an application or process that is not permitted to acquire confidential information. is there.

  FIG. 13 is a diagram for explaining a problem of a technique in which an application that handles a protected document encrypts copy data and stores it in the clipboard.

  As shown in FIG. 13, in the protection process 150α, the application encrypts copy data from the protected document α and stores it in the clipboard 20.

  It is assumed that the paste to the unprotected document γ is instructed in the unprotected process 160γ for browsing / editing the unprotected document γ. At this time, the application can specify the format and acquire the encrypted data from the clipboard 20. However, since the acquired encrypted data cannot be decrypted, the encrypted data is directly pasted into the unprotected document γ.

  In the computer system, a process for handling an unprotected document whose file data is not protected is in an unprotected state in which protection of the handled data is not required, and control for protecting the information of the document being viewed / edited is not performed. In a process that is in an unprotected state, control of information leakage prevention such as restriction on file output and forced encryption at the time of file output is not particularly performed. Here, a process in an unprotected state is referred to as an unprotected process.

  Even if pasting is performed in the non-protection process 160γ, only meaningless encrypted data is pasted, and information leakage is prevented. However, since the correspondence between the data format of the clipboard 20 and the encrypted data is not consistent, the non-protected process 160γ cannot understand the meaning of the encrypted data to be pasted as shown in FIG. May freeze.

  In addition, in the technique of adding dummy data before the output data described above, a circuit for adding dummy data must be provided in the memory. In order to apply this technique as a security technique for the clipboard 20, it is necessary to make some changes to the functions of the memory and the OS clipboard 20.

  An object of the present invention is to provide a technique for solving the above-described problems, ensuring the convenience of the clipboard, and preventing leakage of information protected via the clipboard.

  It has a protection state in which protection of data handled in the application program is required, and a non-protection state in which protection of data to be handled is not required.

  An information leakage prevention program that prevents data leakage of data that is instructed to be copied or cut in the protected state encrypts data that is instructed to copy or cut when the computer is instructed to copy or cut data in the protected state. The data encryption unit to be encrypted, the encrypted data storage unit that stores the encrypted data in the shared memory area in association with the format identification information for the predetermined encrypted data, and the data pasting in the protected state is instructed In some cases, the format identification information for encrypted data is designated to function as an encrypted data acquisition unit that acquires encrypted data from the shared memory area, and an encrypted data decryption unit that decrypts the acquired encrypted data.

  An information leakage prevention method for preventing data leakage of data that is instructed to be copied or cut in the protected state is a method in which data is instructed to be copied or cut when the computer is instructed to copy or cut data in the protected state. The process of encrypting the encrypted data, storing the encrypted data in the shared memory area in association with the format identification information for the predetermined encrypted data, and encrypting the data when instructed to paste the data in the protected state. A process of acquiring encrypted data from the shared memory area by specifying format identification information for data and a process of decrypting the acquired encrypted data are executed.

  In the protected state, by storing the encrypted data in the clipboard (shared memory area) in association with the format identification information for the predetermined encrypted data, the format identification information for the predetermined encrypted data can be specified from the clipboard. Since the protected data can be pasted only in a protected process that can acquire encrypted data and decrypt the encrypted data, the convenience of the clipboard is ensured and the clipboard is used. It is possible to prevent the protected data from being leaked.

  Also, since encrypted data is not stored in the clipboard in association with the format identification information normally used in the unprotected state, the encrypted data is acquired and pasted as it is by an application or process that cannot decrypt the encrypted data. Can be prevented.

  These effects can be obtained without modifying the memory, the OS clipboard function, and the application that cannot decrypt the encrypted data stored in the clipboard with the format identification information for the predetermined encrypted data. .

  With these effects, it is possible to prevent information from leaking from a protected document to an unprotected document even if the application handles the protected document and the unprotected document at the same time and shares the clipboard with those documents.

  Hereinafter, the present embodiment will be described with reference to the drawings.

  FIG. 1 is a diagram illustrating a configuration example of an application including a clipboard information leakage prevention processing unit according to the present embodiment.

  In FIG. 1, an application 1 is realized by hardware such as a CPU and memory provided in a computer (not shown) and a software program, and a copy / cut processing unit 11, a paste processing unit 12, and a clipboard information leakage prevention processing unit 100. Is provided.

  In FIG. 1, a clipboard function unit 2 is a clipboard function provided by an OS (Operating System) provided in the computer. The clipboard function unit 2 includes a clipboard 20 that is a shared memory area for storing data copied or cut (cut) by a plurality of applications, and correspondence between the format number and format name of the data stored in the clipboard 20 Information 21 corresponding to the clipboard format is included. The format number and format name are identification information of the format of data stored in the clipboard 20.

  In the application 1, the copy / cut processing unit 11 copies or cuts data in accordance with a data copy or cut instruction from a document being edited by the user. Data copied or cut by the copy / cut processing unit 11 is stored in the clipboard 20 via the clipboard information leakage prevention processing unit 100.

  The pasting processing unit 12 pastes data in response to an instruction for pasting (pasting) data to a document being edited by the user. Data pasted by the pasting processing unit 12 is acquired from the clipboard 20 via the clipboard information leakage prevention processing unit 100.

  The clipboard information leakage prevention processing unit 100 prevents leakage of secret information via the clipboard while ensuring the convenience of the clipboard. The clipboard information leakage processing unit 100 includes a data storage unit 101, a dummy data storage unit 102, a format registration unit 103, a data encryption unit 104, an encrypted data storage unit 105, a data acquisition unit 106, an encrypted data acquisition unit 107, an encryption And a non-protected / protected state transition unit 109.

  In the following description of the present embodiment, the protection process and the non-protection process are processes of the application 1 including the clipboard information leakage prevention processing unit 100 according to the present embodiment. Although not shown, the application 1 performs state management of whether the execution process is in a protected state or a non-protected state.

  In a computer system, a process that handles a protected document in which file data is protected due to encryption or prohibition of taking-out is in a protection state that requires protection of the data to be handled. In addition, a process that handles an unprotected document whose file data is not protected enters an unprotected state in which protection of the handled data is not required. Here, a process in a protected state is called a protected process, and a process in an unprotected state is called a non-protected process. In the protection process, control is performed so that no information is leaked from other than the clipboard 20, for example, by restricting file output or forcible encryption at the time of file output.

  Note that an application that does not include the clipboard information leakage prevention processing unit 100 according to the present embodiment does not know the format for predetermined encrypted data described below, and uses the clipboard 20 with the format identification information for predetermined encrypted data. Since the encrypted data stored in cannot be decrypted, the operation is basically the same as that of the unprotected process.

  The data storage unit 101 stores data instructed to be copied or cut in the unprotected process in the clipboard 20 in association with identification information of a normal format.

  The normal format is an original data format used when the application 1 stores data in the clipboard 20 in an unprotected process, that is, in an unprotected state in which information is not protected. Existing text data formats, bitmap formats, and native data formats that include application-specific control codes are normal formats. Data stored in the clipboard 20 in association with identification information in a normal format can be acquired by a protected process, an unprotected process, or an application that does not include the clipboard information leakage prevention processing unit 100 according to the present embodiment. Is possible.

  The dummy data storage unit 102 stores dummy data in the clipboard 20 in association with identification information of a normal format when copying or cutting is instructed in the protection process. The dummy data may be prepared in advance or may be generated. The dummy data includes empty data.

  The format registration unit 103 registers a predetermined format for encrypted data in the clipboard 20 in the protection process.

  The format for the predetermined encrypted data is a format determined in advance by the application 1 including the clipboard information leakage prevention processing unit 100 according to the present embodiment in order to store the encrypted data in the clipboard 20. That is, the format name of a predetermined encrypted data format is obtained by acquiring the encrypted data stored in the clipboard 20 or the application 1 that stores the encrypted data of the data copied or cut from the protected document in the clipboard 20. , A format name commonly used by the application 1 that decrypts and pastes it into the protected document. When storing encrypted data in a plurality of formats on the clipboard 20, a plurality of predetermined formats for encrypted data are determined in advance.

  The encrypted data stored in the clipboard 20 in association with the format identification information for the predetermined encrypted data can be acquired by the protection process of the application 1 including the clipboard information leakage prevention processing unit 100 according to this embodiment. , Can be decrypted.

  The data encryption unit 104 encrypts data instructed to be copied or cut in the protection process.

  In the protection process, the encrypted data storage unit 105 stores the data encrypted by the data encryption unit 104 in the clipboard 20 in association with the format identification information for predetermined encrypted data.

  The data acquisition unit 106 acquires data from the clipboard 20 by specifying a normal format when a paste is instructed in the unprotected process. In the unprotected process, the format for the predetermined encrypted data is not specified. In addition, the data acquisition unit 106, if the pasting is instructed in the protection process, is normally performed if the encrypted data is not stored in the clipboard 20 in association with the format identification information for predetermined encrypted data. The data is acquired from the clipboard 20 by specifying the format.

  If the encrypted data is stored in the clipboard 20 in association with the format identification information for the predetermined encrypted data when the paste is instructed in the protection process, the encrypted data acquisition unit 107 has a predetermined The encrypted data is acquired from the clipboard 20 by specifying the format identification information for the encrypted data.

  The encrypted data decryption unit 108 decrypts the encrypted data acquired by the encrypted data acquisition unit 107.

  When the non-protection / protection state transition unit 109 is instructed to paste in the non-protection process and the encrypted data is stored in the clipboard 20 in association with the format identification information for predetermined encrypted data, If it is determined to shift the execution process to the protected state, the execution process is shifted from the unprotected state to the protected state.

  When the execution process shifts from the unprotected state to the protected state, the control is changed so that the unprotected document being edited in the current execution process is treated as a protected document, that is, the information of the document being edited is protected. Since the state of the execution process changes from the unprotected state to the protected state, the execution process changes from the unprotected process to the protected process.

  FIG. 2 is a diagram illustrating the storage of copy data on the clipboard in the application protection process according to the present embodiment.

  In the protection process 15 of the application 1, when data copying is instructed by the user, the dummy data storage unit 102 stores dummy data prepared in advance in the clipboard 20 in association with identification information of a normal format.

  For example, in FIG. 2, it is assumed that format number: 1 is format identification information of text data that is normally used, and format number: 2 is format identification information of bitmap data that is normally used. When the user designates a copy of data from a document being edited, the application 1 stores the copy data in the clipboard 20 in a text data format and a bitmap data format.

  At this time, the dummy data storage unit 102 stores the dummy data in the text data format and the dummy data in the bitmap data format on the clipboard 20 by specifying the format number: 1 and the format number: 2, respectively.

  In the clipboard function unit 2, areas of format number: 1 and format number: 2 are secured on the clipboard 20, and dummy data of the text data format and dummy data of the bitmap data format are stored in the respective areas.

  The dummy data of each format may be prepared and held in advance, or may be automatically generated. The dummy data may be empty data. The dummy data is unencrypted data.

  Also, in the protection process 15 of the application 1, when data copy is designated by the user, the format registration unit 103 registers a predetermined format for encrypted data in the clipboard 20. For example, an API for registering a unique format in the clipboard 20 is provided by the OS, and when a new format name is registered, a format number is automatically assigned.

  For example, in FIG. 2, the encrypted text data format “ENCRYPTEDTEXT” is registered as a format for predetermined encrypted data corresponding to the normal text data format “TEXT”. In the clipboard function unit 2, a format number is assigned to the format name of the newly registered format. Here, it is assumed that the format number “n” is assigned to the format name “ENCRYPTEDTEXT” as shown in the clipboard format correspondence information 21 in FIG.

  Once a predetermined format for encrypted data has been registered, it is not necessary to register a new format every time encrypted data of the same format is stored in the clipboard 20 until the system is reset. .

  In the protection process 15 of the application 1, when data copy is designated by the user, the data encryption unit 104 encrypts the designated copy data. The encrypted data storage unit 105 stores the encrypted copy data on the clipboard 20 with a format number of a predetermined format for encrypted data.

  For example, in FIG. 2, the data encryption unit 104 encrypts copy data in a designated text data format. The encrypted data storage unit 105 specifies the format number: n and stores the encrypted copy data on the clipboard 20.

  In the clipboard function unit 2, an area of the format number: n is secured on the clipboard 20, and encrypted copy data is stored in the area.

  When storing encrypted data in a plurality of formats on the clipboard 20, the respective formats for the predetermined encrypted data are registered, and the corresponding formats for the predetermined encrypted data are designated respectively. The digitized data is stored in the clipboard 20. For example, when the encrypted data in the text data format and the encrypted data in the bitmap data format are stored in the clipboard 20, the format for the predetermined encrypted data corresponding to the text data format and the bitmap data format are supported. The predetermined encrypted data format is registered, format identification information for each predetermined encrypted data is specified, and the encrypted data in the text data format and the encrypted data in the bitmap data format are stored in the clipboard 20. To store.

  In this way, in the protection process 15, when data copy is designated by the user, dummy data is stored in the clipboard 20 in the normal format, and predetermined encrypted data is stored in the clipboard 20 for the designated copy data. Format is registered, the copy data is encrypted, and the encrypted copy data is stored in the clipboard 20 in a predetermined format for encrypted data.

  Although an example of copying data in the protection process 15 has been described here, the same applies to data cutting in the protection process 15.

  FIG. 3 is a diagram for explaining the acquisition of copy data from the clipboard by the application according to the present embodiment. The example shown in FIG. 3 is an example in which the copy data stored in the clipboard 20 in the protection process 15 in FIG. 2 is pasted in each of the protection process 15 and the non-protection process 16.

  In the protection process 15 of the application 1, when the user gives an instruction to paste the data, the encrypted data acquisition unit 107 stores the encrypted data in the clipboard 20 with the format identification information for the predetermined encrypted data. For example, the stored encrypted data is acquired. The encrypted data decrypting unit 108 decrypts the acquired encrypted data.

  For example, in FIG. 3, the encrypted data acquisition unit 107 acquires the format number corresponding to the format name “ENCRYPTEDTEXT” from the clipboard function unit 2. Here, as shown in the clipboard format correspondence information 21 in FIG. 3, the format number: n associated with the format name “ENCRYPTEDTEXT” is obtained. An API that acquires a format number corresponding to a format name is provided by the OS.

  The encrypted data acquisition unit 107 specifies the format number: n and requests the clipboard function unit 2 to acquire data, and the encrypted copy stored from the clipboard 20 in association with the format number: n. Get the data.

  The encrypted data decrypting unit 108 decrypts the encrypted copy data. Note that the encrypted data decryption unit 108 decrypts the encrypted data only when the execution process is in the protected state, that is, only in the protection process 15. In the protection process 15, the decrypted copy data is pasted.

  In the unprotected process 16 of the application 1, when the user instructs data pasting, the data acquisition unit 106 acquires data stored in association with normal format identification information.

  For example, in FIG. 3, when the text data is pasted, the data acquisition unit 106 converts the text data stored in association with the format number 1 of the normal text data format into the bitmap data. When pasting is performed, the bitmap data stored in association with the format number: 2 of the normal bitmap data format is acquired from the clipboard 20.

  However, as shown in FIG. 3, since the data stored in association with the format number 1 or 2 of the clipboard 20 is dummy data, the data acquisition unit 106 can acquire only dummy data. In the non-protection process 16, dummy data is pasted. Since the dummy data is data in a normal format that is not encrypted, there is no possibility of freezing due to pasting of the encrypted data.

  Thus, the encrypted copy data stored in the clipboard 20 in the protection process 15 can be acquired only by specifying the format identification information for the predetermined encrypted data in the protection process 15, and acquired in the non-protection process 16. The obtained encrypted copy data cannot be decrypted only by the protection process 15. Further, when copy data is stored in the clipboard 20 in the protection process 15, even if the paste is instructed in the non-protection process 16, the dummy data in the normal format is acquired from the clipboard 20. Therefore, it is possible to prevent freezing caused by forcibly pasting encrypted data while preventing leakage of information.

  Note that an application that does not include the clipboard information leakage prevention processing unit 100 according to the present embodiment does not have means for acquiring encrypted data from the clipboard 20 by specifying format identification information for predetermined encrypted data. Similar to the pasting of data in the non-protection process 16 described above, unencrypted dummy data in a normal format is acquired.

  Further, even if an application that does not include the clipboard information leakage prevention processing unit 100 according to the present embodiment acquires encrypted data from a predetermined encrypted data format area of the clipboard 20, the encrypted data is decrypted. Since there is no key, information leakage through the clipboard 20 is prevented.

  Although an example of acquiring copy data stored in the clipboard 20 in the protection process 15 has been described here, the same applies to acquisition of cut data stored in the clipboard 20 in the protection process 15.

  FIG. 4 is a diagram showing a specific example when data copying is performed in the application protection process according to the present embodiment.

  In the file system 3, the file of the protected document a is in an encrypted state in order to protect the information. The file of the protected document a is opened in the protected state in the application 1 when the protected document a is browsed / edited, and is decrypted at this time. When the file of the protected document a is closed, it is encrypted again. That is, the protected document a is in an encrypted state on the file system 3, and is in an unencrypted state only when browsing / editing in the protection process 15a in which the document information is protected.

  Further, the protected document b is the same as the protected document a, and is in a non-encrypted state only at the time of browsing / editing in the protection process 15b in which the document information is protected.

  Note that the protection process 15a and the protection process 15b may be processes executed by the same application 1 including the clipboard information leakage prevention processing unit 100 according to this embodiment, and each of them is according to this embodiment. A process executed by a different application 1 including the clipboard information leakage prevention processing unit 100 may be used.

  In the unprotected process 16c of the application 1, the unprotected document c whose document information is not protected is browsed / edited. Although omitted in FIG. 4, it is assumed that the unprotected document c file is not encrypted even on the file system 3.

  In the protection process 15a of the application 1, it is assumed that a copy of a partial sentence of the protected document a being viewed / edited is instructed. At this time, dummy data in a normal text data format (format number: 1) is stored in the clipboard 20 in plain text. In addition, text data (copy data) of a partial sentence instructed to be copied is encrypted and stored in the clipboard 20 in association with format identification information (format number: n) for predetermined encrypted data. That is, the copy data is stored in the clipboard 20 in a ciphertext.

  Assume that the protection process 15b of the application 1 is instructed to paste the copy text (text data) stored in the clipboard 20 to the protected document b being viewed / edited. At this time, the clipboard 20 stores copy data (ciphertext) associated with predetermined encrypted data format identification information (format number: n), so that data is acquired. The copy text obtained by decrypting the acquired copy data (cipher text) is pasted on the protected document b.

  Since the protected document b is a document whose information is protected, it is encrypted when closed. That is, on the file system 3, the file of the protected document b is encrypted.

  In the non-protection process 16c of the application 1, it is assumed that the copy text (text data) stored in the clipboard 20 is instructed to the protected document c being viewed / edited. At this time, since the non-protected process 16c is not permitted to acquire data associated with the format identification information (format number: n) for predetermined encrypted data on the clipboard 20, normal text data on the clipboard 20 is not permitted. Data associated with the format identification information (format number: 1) is acquired. Since the data associated with the acquired identification information (format number: 1) of the normal text data format is dummy data, the dummy data is pasted on the unprotected document c.

  Thus, the data stored in the clipboard 20 by the protection process 15 can be acquired, decrypted, and pasted only by the protection process 15. In the unprotected process 16, since plain text dummy data is acquired and pasted, information leakage through the clipboard 20 is prevented and application freeze due to forced pasting of encrypted data is prevented.

  Note that, in the application that does not include the clipboard information leakage prevention processing unit 100 according to the present embodiment, it is associated with the identification information (format number: 1) of the normal text data format of the clipboard 20 as in the case of the unprotected process 16. Since the acquired data is acquired, dummy data is acquired and pasted. That is, even in an application that does not include the clipboard information leakage prevention processing unit 100 according to the present embodiment, information leakage through the clipboard 20 is prevented, and application freeze due to forced pasting of encrypted data is prevented. .

  Further, since the data of the protected document is in an encrypted state except during browsing / editing in the protection process 15, the encrypted protected document file on the file system 3 or the encryption stored in the clipboard 20 is stored. Even if data leaks, if the key to decrypt them does not leak, information will not leak from there.

  FIG. 5 is a diagram showing a specific example when data copying is performed in the application non-protection process according to the present embodiment.

  In the unprotected process 16d of the application 1, the unprotected document d whose document information is not protected is browsed / edited. The unprotected document d is not encrypted even on the file system 3 because it is not necessary to protect the document information.

  Similarly to the non-protected document d, the non-protected document f is a document that is browsed / edited by the non-protected process 16f in which the document information is not protected.

  In the protection process 15e of the application 1, the protected document e in which the document information is protected is browsed / edited. The protected document e is in an unencrypted state only during browsing / editing in the protection process 15e in which the document information is protected. Although omitted in FIG. 5, the file of the protected document e is assumed to be encrypted on the file system 3.

  In the unprotected process 16d of the application 1, it is assumed that a copy of a partial sentence of the unprotected document d being viewed / edited is instructed. At this time, the copy data associated with the identification information (format number: 1) of the normal text data format is stored in the clipboard 20 in plain text. In the unprotected process 16, dummy data or encrypted data is not stored in the clipboard 20.

  In the protection process 15e of the application 1, it is assumed that the copy document (text data) stored in the clipboard 20 is instructed to the protected document e being viewed / edited. At this time, since the copy data (encrypted text) associated with the format identification information (format number: n) for the predetermined encrypted data is not stored in the clipboard 20, the identification information of the normal text data format Copy data (plain text) associated with (format number: 1) is acquired, and the copied text is pasted on the protected document e.

  It is assumed that in the application non-protection process 16f, an instruction to paste the copy text (text data) stored in the clipboard 20 on the non-protected document f being viewed / edited is given. At this time, in the unprotected process 16f, copy data (plain text) associated with the identification information (format number: 1) of the normal text data format on the clipboard 20 is acquired, and the copied text is pasted on the unprotected document f. Attached.

  As described above, the data stored in the clipboard 20 by the non-protection process 16 is acquired and pasted in the same manner as in the past regardless of whether it is the protection process 15 or the non-protection process 16. That is, even when the application 1 including the clipboard information leakage prevention processing unit 100 according to this embodiment is used, the convenience of the clipboard 20 is not impaired.

  FIG. 6 is a diagram for explaining an example in which data copy is performed in the application protection process according to the present embodiment and copy data is pasted in the non-protection process.

  In FIG. 6, the dummy associated with the identification information (format number: 1) of the normal text data format by the protection process 15 executed by the application 1 having the clipboard information leakage prevention processing unit 100 according to the present embodiment. It is assumed that the data (non-encrypted) and copy data (encrypted) associated with predetermined encrypted data format identification information (format number: n) are stored in the clipboard 20.

  The unprotected process 16g for browsing / editing the unprotected document g and the unprotected process 16h for browsing / editing the unprotected document h are executed by the application 1 including the clipboard information leakage prevention processing unit 100 according to the present embodiment. Unprotected process 16.

  When the data stored by the protection process 15 exists on the clipboard 20 and the non-protection process 16 is instructed to paste the data, two countermeasures can be considered.

  The first is a pattern in which dummy data associated with identification information (format number: 1) in the normal text data format on the clipboard 20 is acquired and dummy data is pasted into an unprotected document, as described above. is there.

  In FIG. 6, in the unprotected process 16g, copy data (encryption) associated with predetermined encrypted data format identification information (format number: n) is not acquired, and the text data format of the clipboard 20 is identified. Dummy data (unencrypted) associated with the information (format number: 1) is acquired, and the dummy data is pasted on the unprotected document g.

  The second pattern is a pattern in which copy data (encryption) in a predetermined encrypted data format (format number: n) is pasted using a non-protected document as a pasting destination as a protected document. At this time, the state of the execution process is changed from the unprotected state to the protected state.

  It is assumed that data pasting is instructed in the unprotected process 16h of the application 1. At this time, since the clipboard 20 stores copy data (encryption) associated with predetermined encrypted data format identification information (format number: n), an application that executes the unprotected process 16h. 1 non-protection / protection state transition unit 109 shifts the state of the execution process from the non-protection state to the protection state. That is, the execution process is the protected process 15h ', and the unprotected document h being browsed / edited is the protected document h' whose information is protected.

  In the protection process 15 h ′ of the application 1, copy data (encrypted) associated with format identification information (format number: n) for predetermined encrypted data stored in the clipboard 20 is acquired. The copy text obtained by decrypting the acquired copy data (encrypted) is pasted on the protected document h ′. Since the protected document h ′ is a document whose information is protected, it is encrypted when closed, and the file of the protected document h ′ is encrypted on the file system 3.

  The determination of whether or not to shift the state of the execution process from the non-protected state to the protected state can be made in various designs such as “always shift” and “see user's instruction”. For example, it is possible to design such as “if you are instructed by the user”, transition from the unprotected state to the protected state when instructed to transition, and obtain the above dummy data when instructed not to transition. It is.

  The state of the execution process is changed from the unprotected state to the protected state, and the encrypted data associated with the format identification information for the predetermined encrypted data stored in the clipboard 20 is acquired, decrypted and pasted. By doing so, it is possible to prevent the application from being frozen by forcibly pasting the encrypted data.

  As described above, when the data stored by the protection process 15 exists on the clipboard 20 and the non-protection process 16 is instructed to paste the data, a method of pasting dummy data or an execution process There is a method of shifting the state from the unprotected state to the protected state. In any method, the convenience of the clipboard 20 is not lost while preventing leakage of information.

  FIG. 7 is a process flowchart at the time of copying / cutting by the application of the present embodiment.

  If there is a data copy or cut operation by the user during execution of application 1 (YES in step S10), whether the current execution process is a protected process, that is, whether the current execution process is in a protected state Is confirmed (step S11).

  If the current execution process is a protected process (YES in step S11), dummy data is stored in the clipboard 20 in association with normal format identification information used in the non-protected process (step S12). At this time, the dummy data may be stored in the clipboard 20 in a plurality of formats such as text data, bitmap data, and native data of the application 1.

  A predetermined format for encrypted data is registered in the clipboard 20 (step S13). The copy data or cut data designated by the user is encrypted (step S14), and the encrypted copy data or cut data is stored in the clipboard 20 in association with the format identification information for predetermined encrypted data (step S14). Step 15). At this time, predetermined encrypted data formats corresponding to a plurality of formats such as text data, bitmap data, and native data of the application 1 are registered in the clipboard 20, and copy data or cut data is converted into the respective formats. It may be converted and encrypted, and stored in the clipboard 20 in association with the corresponding format identification information for predetermined encrypted data.

  If the current execution process is not a protected process (NO in step S11), that is, if the current execution process is in an unprotected state (the execution process is an unprotected process), the normal format used in the unprotected process The copy data or cut data designated by the user is stored in the clipboard 20 in association with the identification information (step S16). At this time, the copy data or cut data is converted into a plurality of formats such as text data, bitmap data, and native data of the application 1, and stored in the clipboard 20 in association with the corresponding format identification information. May be.

  FIG. 8 and FIG. 9 are process flowcharts when pasting by the application of the present embodiment.

  If there is a data paste operation by the user during execution of the application 1 (YES in step S20), it is confirmed whether the current execution process is a protection process, that is, whether the current execution process state is a protection state. (Step S21).

  If the current execution process is a protection process (YES in step S21), it is confirmed whether or not there is data associated with a predetermined format identification number for encrypted data on the clipboard 20 (step S22).

  If there is data associated with the format identification information for the predetermined encrypted data on the clipboard 20 (YES in step S22), the format identification information for the predetermined encrypted data is designated and the encrypted data is read from the clipboard 20 (Encrypted copy data or cut data) is acquired (step S23), the acquired encrypted data is decrypted (step S24), and the decrypted data is pasted (step S25).

  If there is no data associated with the format identification information for the predetermined encrypted data on the clipboard 20 (NO in step S22), the normal format identification information used in the unprotected process is designated, and data is transferred from the clipboard 20 Is acquired (step S26), and the acquired data is pasted (step S27).

  If the current execution process is not a protected process (NO in step S21), that is, if the current execution process is in an unprotected state (the execution process is an unprotected process), the clipboard 20 stores a predetermined encrypted data. It is confirmed whether there is data associated with the format identification information (step S28).

  If there is data associated with the format identification information for the predetermined encrypted data on the clipboard 20 (YES in step S28), it is confirmed whether or not the current execution process state is to be shifted from the unprotected state to the protected state ( Step S29). The confirmation of the state transition of the execution process may be confirmation for the user or confirmation for a predetermined policy.

  When shifting the state of the execution process to the protected state (YES in step S29), the state of the current execution process is shifted from the unprotected state to the protected state (step S30), and the format identification for the predetermined encrypted data is determined. Specifying information, obtaining encrypted data (encrypted copy data or cut data) from the clipboard 20 (step S31), decrypting the obtained encrypted data (step S32), and decrypting the decrypted data Paste (step S33).

  When there is no data associated with the format identification information for the predetermined encrypted data on the clipboard 20 (NO in step S28), or when the state of the execution process is not shifted to the protected state (NO in step S29). ), Specifying the normal format identification information used in the unprotected process, obtaining data from the clipboard 20 (step S34), and pasting the obtained data (step S35).

  Although the present embodiment has been described above, the present invention can naturally be modified in various ways within the scope of the gist thereof.

  For example, in this embodiment, when copying or cutting is instructed in the protection process, dummy data is stored in the clipboard 20 in association with the normal format identification information. The associated dummy data may not be stored.

  When data paste is instructed according to the specifications of the application or the OS, there is a type that confirms the existence of data in each format in a predetermined order from the normal format, and acquires the first confirmed data from the clipboard 20 . In this case, if there is no data in which the normal format is specified in the clipboard 20, encrypted data in which the format for the predetermined encrypted data is specified can be acquired from the clipboard 20 even in the unprotected process. There is sex.

  Even in such a case, if dummy data is stored in the clipboard 20 in association with normal format identification information, dummy data is first acquired when data paste is instructed in an unprotected process. It is possible to prevent the encrypted data associated with the format identification information for the encrypted data from being obtained from the clipboard 20 in the unprotected process.

It is a figure which shows the structural example of the application provided with the clipboard information leakage prevention process part by this Embodiment. It is a figure explaining storage of the copy data to a clipboard in the protection process of the application by this Embodiment. It is a figure explaining acquisition of the copy data from a clipboard by the application of this Embodiment. It is a figure which shows the specific example when a data copy is performed in the protection process of the application by this Embodiment. It is a figure which shows the specific example when a data copy is performed in the non-protection process of the application by this Embodiment. It is a figure explaining the example in which data copy is performed by the protection process of the application by this Embodiment, and paste of copy data is performed by a non-protection process. It is a process flowchart at the time of the copy / cut by the application of this Embodiment. It is a process flowchart at the time of the paste by the application of this Embodiment. It is a process flowchart at the time of the paste by the application of this Embodiment. It is a figure explaining the mechanism of a clipboard. It is a figure explaining the technique which prevents information leakage by prohibiting use of a clipboard by an application. It is a figure explaining the example of the technique in which the application which handles a protected document encrypts copy data, and stores it in a clipboard. It is a figure explaining the problem of the technique in which the application which handles a protected document encrypts copy data, and stores it in a clipboard.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Application 11 Copy / cut processing part 12 Paste processing part 100 Clipboard information leak prevention processing part 101 Data storage part 102 Dummy data storage part 103 Format registration part 104 Data encryption part 105 Encrypted data storage part 106 Data acquisition part 107 Encryption Encrypted data acquisition unit 108 Encrypted data decryption unit 109 Unprotected / protected state transition unit 2 Clipboard function unit 20 Clipboard 21 Clipboard format correspondence information

Claims (4)

Information that has a protected state in which protection of data handled in an application program is required and an unprotected state in which protection of data to be handled is not required, and prevents information leakage of data that is copied or cut in the protected state A leakage prevention program,
Computer
A data encryption unit for encrypting data instructed to copy or cut when data copy or cut is instructed in the protection state;
An encrypted data storage unit for storing the encrypted data in a shared memory area in association with format identification information for predetermined encrypted data;
An encrypted data acquisition unit for specifying format identification information for the encrypted data and acquiring the encrypted data from the shared memory area when data paste is instructed in the protected state;
An information leakage prevention program for functioning as an encrypted data decryption unit for decrypting the obtained encrypted data. Said computer,
As a dummy data storage unit that stores dummy data in the shared memory area in association with format identification information used in the unprotected state when data copy or cut is instructed in the protected state The information leakage prevention program according to claim 1 for making it happen. Said computer,
When the pasting of data is instructed in the unprotected state, if encrypted data is stored in the shared memory area in association with the format identification information for the encrypted data, the execution process is The information leakage prevention program according to claim 1 or 2, wherein the information leakage prevention program is configured to function as a non-protection / protection state transition unit that transitions from a protection state to a protection state. Information that has a protected state in which protection of data handled in an application program is required and an unprotected state in which protection of data to be handled is not required, and prevents information leakage of data that is copied or cut in the protected state A leakage prevention method,
Computer
Encrypting data instructed to copy or cut when data copy or cut is instructed in the protection state;
Storing the encrypted data in a shared memory area in association with format identification information for predetermined encrypted data;
A step of designating format identification information for the encrypted data when data paste is instructed in the protected state, and acquiring the encrypted data from the shared memory area;
And a step of decrypting the acquired encrypted data. An information leakage prevention method, comprising:

Images