JP5141959B2 - Container and document management system - Google Patents

Description

  The present invention relates to a container for storing documents and a document management system.

  Conventionally, entry into and exit from a confidential space is often made possible by an individual being authenticated by a personal authentication device provided at the entrance and exit of the confidential space. Therefore, even if the document is a confidential document, it is possible to take the confidential document out of the confidentiality holding space if the individual is authenticated by the personal authentication device.

Patent Document 1 discloses an article lending system that can detect the occurrence of unauthorized take-out of articles in a short time.
Patent Document 2 discloses a take-out monitoring system and method, and a take-out monitoring terminal that can prevent theft of the article by issuing a warning according to various situations of the take-out monitoring terminal attached to the article. .
Patent Document 3 discloses a theft monitoring system that reliably monitors theft when the object to be monitored for theft is a carry-on item.

JP 2001-266261 A JP 2007-41716 A JP 2004-240857 A

  However, when a confidential document is taken out of the confidentiality space, the content of the confidential document may be leaked outside the confidentiality space due to snooping or loss.

  An object of the present invention is to provide a container and a document management system capable of preventing leakage of information even when a confidential document is taken out of a confidential holding space.

  In order to achieve the above object, a container according to the present invention includes a container body, a storage device that stores one of a permitted state and a prohibited state, and a state that is stored in the storage device is permitted. It has an entry / exit control means for making the contents stored in the container main body ready to be taken in and out, and for prohibiting the contents stored in the storage device from being taken in and out. According to the present invention, since putting in / out of the contents is restricted according to the stored state, when the stored state is prohibited, the confidential document is taken out of the confidential holding space. In addition, information leakage can be prevented.

  The document management system according to the present invention includes: a container main body; a storage device that stores a state of permission or prohibition; and a state stored in the storage device that is permitted. When the state stored in the storage device is prohibited, the container is provided with an access control means for prohibiting the storage of the contents of the container body, and stored in the storage device of the container. When the state change device that changes the state being stored and the state stored in the storage device of the container are prohibited, the state that is allowed to pass through the container and stored in the storage device of the container is permitted , A closed space provided with an entry / exit part that does not allow the container to pass therethrough. According to the present invention, only when the state stored in the container is prohibited, the container is taken out of the security holding space, and in this case, the contents cannot be taken in and out. Information can be prevented from being leaked even while being taken out.

  Preferably, a plurality of the closed spaces are provided. According to the present invention, leakage of information can be prevented even while a confidential document is being transported from the first confidentiality holding space to the second confidentiality holding space.

  Preferably, an authority for associating the container, a closed space in which the state stored in the storage device of the container is changed, and a user who can change the state stored in the storage device of the container is stored. Further includes an authority storage means. According to the present invention, it is possible to set the user who can take in and out the container from the container for each confidential holding space.

  Preferably, the authority storage means stores an authority for further associating the container with a period in which the state stored in the storage device of the container can be changed. According to the present invention, the period during which the contents can be taken in and out of the container can be set for each container.

  Preferably, the authority storage means is included in the storage device of the container. According to the present invention, a common server having authority storage means can be eliminated.

  Preferably, the apparatus further includes history storage means for storing a history of changes in the state of the storage device of the container. According to the present invention, it is possible to trace a trace of movement of a confidential document based on the stored history.

  According to the present invention, it is possible to prevent information leakage even when a confidential document is taken out of the confidentiality holding space.

FIG. 1 is a diagram showing a configuration of a document management system 1 according to an embodiment of the present invention.
As shown in FIG. 1, the document management system 1 according to the present embodiment includes a document management server 10 and confidential storage spaces 100-1 to 100-n connected via a network 106. The network 106 is configured by, for example, a LAN (Local Area Network) and a WAN (Wide Area Network). The network 106 may be wired or wireless. Therefore, the document management server 10 and the confidential holding spaces 100-1 to 100-n transmit and receive data via the network 106.

  The document management server 10 stores information about confidential storage spaces 100-1 to 100-n, users, containers and authorities, and manages the movement history of containers carried between the confidential storage spaces 100-1 to 100-n. To do. Information stored in the document management server 10 will be described in detail later.

  The confidential holding spaces 100-1 to 100-n (closed spaces) are, for example, buildings, rooms, offices, stores, and the like. Gates 102 (entrance / exit portions) are provided at the entrances and exits of the confidential holding spaces 100-1 to 100-n. In the case where any one of a plurality of components such as the security holding spaces 100-1 to 100-n is indicated without being specified, the security holding space 100 may be simply abbreviated.

  A user passes through the gate 102 when entering or leaving the security space 100. Therefore, an article such as a document or a container is taken out of the security holding space 100 by the user via the gate 102 and brought into the security holding space 100.

FIG. 2 is a diagram showing a configuration of the confidentiality holding space 100 according to the present embodiment.
As shown in FIG. 2, the confidentiality space 100 includes a space management server 14, a read / write device 16, an alarm device 18, and a gate 102, and a personal authentication device 20 and a document detection device 22 are provided in the gate 102. ing. The space management server 14, the reading / writing device 16, the alarm device 18, the personal authentication device 20, and the document detection device 22 are connected so as to be able to transmit and receive data via the network 12 that is a LAN, for example.

  The space management server 14 receives data from the components included in the confidentiality space 100 and controls the components based on this data. The space management server 14 transmits data to the document management server 10 via the network 106 and receives data transmitted from the document management server 10.

  The read / write device 16 (state change device) is, for example, an RFID (Radio Frequency Identification) tag reader / writer, and is provided in the confidentiality holding space 100. The read / write device 16 reads data stored in the RFID tag (described later with reference to FIG. 3) of the container. Further, the reading / writing device 16 writes data to the RFID tag of the container and changes the data stored in the RFID tag. The read / write device 16 transmits the read data and the written data to the space management server 14. Further, the read / write device 16 includes a user authentication device (not shown) and authenticates the individual, similarly to the personal authentication device 20 described later. For simplicity, the read / write device 16 authenticates an individual by communicating with an RFID tag in the authentication card. Therefore, the reading / writing device 16 changes the data stored in the RFID tag only when the user who is permitted to open and close the container is authenticated in the confidentiality holding space 100 in which the reading / writing device 16 is arranged.

  The alarm device 18 is controlled by the space management server 14 to generate an alarm. For example, the alarm device 18 performs display of a warning message, blinking of a lamp, sound of an alarm sound, transmission of an alarm mail to an administrator, and the like.

  The personal authentication device 20 authenticates the individual holding the authentication card by wirelessly reading personal information (for example, a user ID) stored in an authentication card such as a contactless IC card. If the personal authentication device 20 confirms that the read personal information has authority to pass, a door (not shown) is opened and the gate 102 is allowed to pass. When the user passes through the gate 102, it is confirmed by a passage detection sensor (not shown) that the user has passed, the door is closed, and the gate 102 cannot pass.

  The document detection device 22 generates an oscillating magnetic field having a predetermined intensity and detects a document that enters a monitoring area formed by the oscillating magnetic field. Specifically, the document detection device 22 has a detection coil (not shown), and the detection coil generates magnetization caused when a paper in which a magnetic material exhibiting a large Barkhausen effect such as a magnetic wire is inserted enters a magnetic field. Detect inversion. The document detection device 22 outputs a detection signal to the document management server 10 when detecting the paper in which the magnetic material is inserted. Accordingly, when the user passes the gate 102 with the confidential document, it is possible to specify the user who has taken the confidential document out of the confidentiality holding space 100.

  The gate 102 acquires the state stored in the RFID tag of the container based on information stored in the personal authentication device 20, the document detection device 22, and a database described later, and if the acquired state is prohibited, the container Allow users to carry in and out. Therefore, the gate 102 allows the closed container together with the user to pass through. Further, when the acquired state is permission, the gate 102 prohibits entry / exit of a user carrying the container. Accordingly, the gate 102 does not pass containers that remain open with the user.

  FIG. 3 is a view showing a container used when a document is carried between the confidentiality spaces 100 in the document management system 1 according to the embodiment of the present invention. FIG. FIG. 3B shows a sandwich-type container 120, and FIG. 3C shows a cylindrical container 130. FIG. The container used in the document management system 1 may have any of the modes shown in FIGS. 3 (A) to 3 (C). In addition, the container shown by FIG. 3 is an illustration, and the aspect of a container is not limited to this example.

  As shown in FIG. 3A, the container 110 has a container main body 114 to which a tag 112 is attached, and the container main body 114 is provided with an opening 116 for taking in and out the contents. The opening 116 is provided with a lock mechanism 118.

  The tag 112 is an RFID tag, for example, and operates with electric power generated by radio waves emitted from the read / write device 16. Specifically, the tag 112 includes a memory (not shown), an antenna, a power supply circuit that rectifies and smoothes signals captured by the antenna and supplies power to each component of the tag 112, and a power supply voltage generated by the power supply circuit. From a limiter that limits the signal from exceeding a predetermined value, a clock generation circuit that regenerates a clock signal from a square wave included in a signal input from an antenna, and a modulation circuit that changes the intensity of a response signal returned to the read / write device 16 Composed. The tag 112 functions as a storage device by storing the container ID of the container 110 and the state of either permission or prohibition in a memory so that it can be read and written. Note that the RFID tag is also called a wireless (IC) tag, a wireless (IC) chip, or the like.

  The container main body 114 is a housing that is entirely or partially made of a material that transmits electric and magnetic fields so that an electromagnetic field penetrates into the container. The transmission material is plastic, for example, but a part of the frame may be metal in order to increase mechanical strength. Therefore, the container main body 114 accommodates a sheet in which a magnetic material is inserted or a sheet to which a storage device such as an RFID tag is attached so as to be detectable from the outside.

  The opening 116 is provided with a palate operable in the inner direction of the container main body 114, and the operation of the palate is controlled by a lock mechanism 118. Instead of the opening 116, the container main body 114 may be independently provided with an insertion portion for inserting the contents and a discharge portion for taking out the contents.

  When the state stored in the tag 112 is permitted, the lock mechanism 118 (in / out control means) opens the opening 116 so that the contents in the container main body 114 can be taken in and out, and is stored in the tag 112. When the state is prohibited, the opening 116 is closed, and the contents stored in the container body 114 are prohibited. Therefore, the contents can be taken in and out only after the opening 116 is controlled to be in the open state in the lock mechanism 118.

  For example, the lock mechanism 118 operates by an electromagnetic induced electromotive force due to a change in magnetic force. In this case, the lock mechanism 118 is operated by a magnetic field generated from the read / write device 16. Note that power may be supplied by a battery or the like.

  As shown in FIG. 3B, the container 120 has a binder-type container main body 124 with a tag 122 attached, and the container main body 124 has a lock mechanism 128 that locks the container main body 124 in a folded state. Is provided. A plurality of fastening portions 126 (fitting pins) for preventing the document from dropping are provided on the upper and lower portions of the container main body 124. The container body 124, the tag 122, and the lock mechanism 128 function in the same manner as the container body 114, the tag 112, and the lock mechanism 118 shown in FIG.

  As shown in FIG. 3C, the container 130 has a cylindrical container main body 134, and the container main body 134 is provided with a lock mechanism 136 that locks the upper lid to which the tag 132 is attached to the container main body 134. ing. The container body 134 can accommodate a document by curling it. Therefore, even when the container main body 134 is formed of a transparent material, the contents of the stored items are prevented from being grasped from the outside.

FIG. 4 is a diagram illustrating a hardware configuration of the document management server 10 and the space management server 14.
As shown in FIG. 4, the document management server 10 or the like includes a CPU 30, a memory 32, a storage device 34 such as a hard disk drive, a communication interface (IF) 36 that performs data communication via the networks 12 and 106, a keyboard, a mouse, and the like. Input device 38 and a display device 40 such as a liquid crystal display. These components are connected via a bus 42 so that data can be input and output.

  FIG. 5 is a diagram showing a database (DB) stored in the document management server 10. FIG. 5A shows a user DB 50, FIG. 5B shows a container DB 52, and FIG. ) Shows the location DB 54, and FIG. 5D shows the authority DB 56. The user DB 50, the container DB 52, the location DB 54, and the authority DB 56 (hereinafter also abbreviated as the user DB 50) are realized by at least one of the memory 32 and the storage device 34 of the document management server 10.

  As shown in FIG. 5A, the user DB 50 stores user information of each user. The user information includes a user ID that uniquely identifies the user and the user's name. Note that the items included in the user information are examples, and other items may be included.

  As shown in FIG. 5B, container information of each container is stored in the container DB 52. The container information includes a container ID and a container name that uniquely identify the container. Note that the items included in the container information are examples, and other items may be included. For example, a user ID indicating a user who can use the container may be included.

  As shown in FIG. 5C, the location DB 54 stores location information of each confidential holding space 100. The confidentiality space information includes a location ID and a location name that uniquely identify the confidentiality space. Note that the items included in the location information are examples, and other items may be included.

  As shown in FIG. 5D, authority information is stored in the authority DB 56 (authority storage means). The authority information corresponds to the container 110, the confidentiality space 100 in which the state stored in the tag 112 of the container 110 is changed, and the user who can change the state stored in the tag 112 of the container 110. Information. That is, the authority information includes an authority ID for uniquely identifying the authority, a user ID (registered user) of the user DB 50, a container ID (registered container) of the container DB 52, and a place ID (place) of the place DB 54. Therefore, the authority information determines who can open and close which container 110 in which confidentiality holding space 100.

  For example, the user 00001 can open and close the registered container 101 at the location A1 (authority 1101). Further, for example, the user 00001 can open and close the registered container 101 at the place A2 (authority 1103). If the document is a document that is viewed by a plurality of users, such as a circulation document or a request for approval, authority may be registered so that the container 110 can be opened and closed by the plurality of users.

  The authority information may further associate the container 110 with a period during which the state stored in the tag 112 of the container 110 can be changed. In this case, the authority information determines which container 110 can be opened and closed in which secret holding space 100 in which period. Thereby, the movement of the container between the confidential holding spaces can be limited in time. Further, the authority information may be in a form in which a user whose status is prohibited is registered. Further, the authority information may be in a form in which both a user who is permitted to change the state and a user who is prohibited from changing the state are registered.

FIG. 6 is a diagram showing the history DB 58 stored in the document management server 10.
As shown in FIG. 6, history information is stored in the history DB 58. The history information includes a place ID (place) in the place DB 54, a user ID (registered user) in the user DB 50, a container ID (registered container) in the container DB 52, and contents of changes in the state stored in the tag 112 of the container 110 ( State transition) and time stamp information (time) when the state is changed.

  The state transition is information indicating how the state stored in the tag 112 of the container 110 has been changed by the read / write device 16. For example, it is stored in the state transition that the stored state is changed from permitted to prohibited. The time stamp information stores the date and time when the state is changed. The history DB 58 is realized by at least one of the memory 32 and the storage device 34 of the document management server 10.

Next, in the document management system 1 according to the embodiment of the present invention, an operation in which a document is stored in the container 110 and carried between the confidentiality holding spaces 100 will be described.
FIG. 7 is a sequence diagram showing an operation (S10) in which the state stored in the tag 112 of the container 110 (container name ABC) is changed. In FIG. 7, the user (user ID 00001) accommodates the document in the container 110 (container ID 101) under the conditions shown in FIG. 5, and the confidential storage space 100-2 from the confidential storage space 100-1 (location A1). Take the case of moving to (location A2) as an example.

  First, the permission state is stored in the tag 112 of the container 110. The opening 116 of the container 110 is locked by the lock mechanism 118 of the container 110, and the contents can be taken in and out. Therefore, the user can store the document in the container 110 through the opening 116. In the confidential holding space 100-1, after the user stores the document in the container 110, the user brings the authentication card held by the user and the tag 112 of the container 110 close to the reading / writing device 16. Then, the document management system 1 operates as follows.

  In step 100 (S100), the read / write device 16 reads the user ID from the approached authentication card and reads the container ID from the tag 112 of the container 110.

  In step 102 (S102), the reader / writer 16 inquires of the space management server 14 via the network 12 whether or not the user has the authority to open and close the container 110 in the confidentiality holding space 100-1. The space management server 14 receives an inquiry from the reading / writing device 16.

  In step 104 (S104), the space management server 14 makes an inquiry to the document management server 10 in the same manner. The document management server 10 receives an inquiry from the space management server 14.

  In step 106 (S106), the document management server 10 refers to the authority DB 56 (FIG. 5D), and the authority DB 56 includes authority information for the user to open and close the container 110 in the confidentiality holding space 100-1. Determine whether or not.

In step 108 (S108), the document management server 10 makes a response to the inquiry from the space management server 14. Specifically, since the authority ID 1101 is included in the authority DB 56, a “go” determination is returned.
In step 110 (S110), the space management server 14 performs a result response to the inquiry from the reading / writing device 16 based on the result response of the document management server 10.

  In step 112 (S112), when the reading / writing device 16 accepts a result indicating that the user has authority (response of the judgment), the reading / writing device 16 writes the prohibited state to the tag 112 of the container 110 and stores the stored state. Change from allowed to prohibited. Thereby, the lock mechanism 118 closes and locks the opening 116. Therefore, the contents in the container 110 are in a state where entry / exit is prohibited.

In step 114 (S114), the read / write device 16 transmits to the space management server 14 that the state stored in the container 110 has been changed from permitted to prohibited.
In step 116 (S116), the space management server 14 transmits the same content to the document management server 10.

  In step 118 (S118), the document management server 10 adds history information to the history DB 58 (FIG. 6). Specifically, the document management server 10 adds history information indicating that the user has changed the state stored in the container 110 from permitted to prohibited at the time in the confidentiality space 100-1 (for example, , First history information shown in FIG. 6).

  In the process of S112, the read / write device 16 does not change the state stored in the tag 112 of the container 110 when receiving a result indicating that the user is not authorized (response of the non-judgment). In this case, the reading / writing device 16 outputs a ringing signal to the alarm device 18, and the alarm device 18 issues an alarm.

  The user tries to pass through the gate 102 of the confidential holding space 100-1 while holding the container 110 containing the document. The personal authentication device 20 of the gate 102 performs personal authentication of the user, and the document detection device 22 detects a document stored in the container 110. Since the user is authenticated by the reading / writing device 16 as described above, the gate 102 is in a state in which the user can pass (for example, the door is opened). Therefore, the user can take the container 110 out of the confidential holding space 100-1 through the gate 102.

  The container 110 is locked outside the confidential holding space 100-1. For this reason, the document accommodated in the container 110 cannot be taken out. The user holds the container 110 and moves to the confidentiality holding space 100-2. The document is accommodated in the locked container 110 from the confidential holding space 100-1 to the confidential holding space 100-2, and the contents of the document are not confirmed.

  The user passes through the gate 102 of the confidentiality space 100-2 and enters the confidentiality space 100-2. Now, the prohibited state is stored in the tag 112 of the container 110. Therefore, the user brings the authentication card held by the user and the tag 112 of the container 110 close to the reading / writing device 16 in the confidentiality holding space 100-2. Then, the document management system 1 determines that the authority ID 1103 is included in the authority DB 56, and operates in the same manner as S10 described above. By the operation of S10, the permission state is written to the tag 112 of the container 110 by the reading / writing device 16, and the state stored in the tag 112 is changed from prohibition to permission. As a result, the lock mechanism 118 unlocks the opening 116 and puts the document in the container 110 into a state where it can be taken in and out. Therefore, the user can take out the document from the container 110 in the confidentiality holding space 100-2. Also, history information is newly added to the history DB 58 (for example, the second history information shown in FIG. 6).

  As described above, since the container 110 is in a state in which removal of the contents is prohibited while it is outside the confidentiality holding space 100, the container 110 is transported by a carrier other than the authorized user. However, the contents of the document are not confirmed.

  The RFID tag may be attached not only to the container 110 but also to the accommodation. The RFID tag stores a storage ID that uniquely identifies the storage. When the container 110 containing the contents is brought close to the reading / writing device 16, the reading / writing device 16 reads not only the container ID but also the contents ID. Thereby, it is possible to check the contents accommodated in the container 110 without opening the container 110.

  The database shown in FIGS. 5 and 6, such as the authority DB 56, may be stored in the space management server 14 of each confidentiality holding space 100. In this case, the space management server 14 does not need to query the document management server 10 for authority. A database such as the authority DB 56 may be stored in the tag 112 of each container 110 via the reading / writing device 16.

It is a figure which shows the structure of the document management system 1 which concerns on embodiment of this invention. It is a figure which shows the structure of the confidential holding space 100 which concerns on this embodiment. FIG. 3A is a diagram showing a container used when a document is carried between the confidentiality spaces 100 in the document management system 1 according to the embodiment of the present invention. FIG. 3A shows a box-shaped container 110. 3 (B) shows a sandwich-type container 120, and FIG. 3 (C) shows a cylindrical container 130. FIG. 2 is a diagram illustrating a hardware configuration of a document management server 10 and a space management server 14. FIG. 5A and 5B are diagrams illustrating a database (DB) stored in the document management server 10, in which FIG. 5A illustrates a user DB 50, FIG. 5B illustrates a container DB 52, and FIG. 5C illustrates a location DB 54. FIG. 5D shows the authority DB 56. 3 is a diagram showing a history DB 58 stored in the document management server 10. FIG. It is a sequence diagram which shows the operation | movement (S10) by which the state memorize | stored in the tag 112 of the container 110 is changed.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Document management system 10 Document management server 12 Network 14 Space management server 16 Reading / writing apparatus 18 Alarm apparatus 20 Personal authentication apparatus 22 Document detection apparatus 30 CPU
32 Memory 34 Storage device 36 Communication IF
38 input device 40 display device 50 user DB
52 Container DB52
54 Location DB54
56 Authority DB56
58 History DB58
100 Confidentiality holding space 102 Gate 106 Network 110 Container 112 Tag 114 Container body 116 Opening 118 Lock mechanism

Claims (6)

A container body;
A storage device for storing either the permitted or prohibited state;
When the state stored in the storage device is permitted, the contents stored in the container body can be put in and out, and when the state stored in the storage device is prohibited, the contents stored in the container body are put in and out. A container having access control means to be prohibited ;
A state changing device for changing the state stored in the storage device of the container;
An entrance / exit section permitting or prohibiting passage of the container;
A closed space with
A document management system having
When the state stored in the storage device of the container is prohibited, the entry / exit section permits the container to exit from the closed space, and the state stored in the storage device is permission Prohibiting the container from exiting the closed space
Document management system . The closed space is, the document management system according to claim 1 in which a plurality are provided. Authority storage means for storing authority for associating the container, a closed space in which the state stored in the storage device of the container is changed, and a user capable of changing the state stored in the storage device of the container the document management system according to claim 1 or 2 further comprising a. The document management system according to claim 3 , wherein the authority storage unit stores an authority that further associates the container with a period in which the state stored in the storage device of the container can be changed. The document management system according to claim 3 , wherein the authority storage unit is included in a storage device of the container. The document management system according to any of claims 1 to 5 further comprising a history storage means for storing a history of the state of the storage device of the vessel is changed.

Images