JP5609309B2 - Data providing method, data providing apparatus, data providing program, and data providing system - Google Patents

Description

The present invention relates to a data providing method, a data providing apparatus , a data providing program, and a data providing system that provide data via a network.

  2. Description of the Related Art In recent years, technologies that support various tasks performed by users by computer systems have been used. In this regard, there is a service form in which a user's business support is provided by an application provided by a computer system operated by a service provider. For example, SaaS (Software as a Service) is known as such a service form. By using SaaS, the user can use the business system without introducing a new computer in the company.

  Here, when business is performed according to the service form, user data is managed by a service provider's computer. For this reason, when user data is confidential information, a security problem arises. As a countermeasure, for example, it is conceivable that confidential information is encrypted and managed by a service provider's computer together with a key for encryption processing (see, for example, Patent Document 1). However, even with this method, there still remains a risk that data is illegally viewed by service providers.

  Therefore, there is a method of providing a relay device that converts information that needs to be concealed among user data to be managed by the service provider into a string of other characters and symbols between the user terminal and the service provider computer system. It is considered (for example, refer to Patent Document 2).

Special table 2007-537509 gazette JP 2008-177821 A JP 2007-133670 A JP 09-097216 A

  However, in the conventional method, it is necessary to newly introduce a relay device on the user side when using the computer system. For this reason, the work burden at the time of introduction of a relay apparatus and the burden of operation management become a problem. In particular, in the above service form, it is desired to provide a service without system modification on the user side.

The present invention has been made in view of these points, and provides a data providing method, a data providing apparatus , a data providing program, and a data providing system that can easily improve the safety of data. Objective.

In order to solve the above problems, a data providing method is provided. In this data providing method, when the data providing device receives a data acquisition request including predetermined identification information from the terminal device, the data providing device refers to the first storage unit that stores the registered data and the identification information in association with each other, acquires the registration data corresponding to the identification information included in the acquisition request, referring to the second storage unit for storing management information location information indicating the location of the keys used in the encryption process and the identification information has been correlated Then, the location information corresponding to the identification information included in the data acquisition request is acquired, the acquired registration data and the key stored in the information processing device indicated by the acquired location information are acquired by the terminal device and acquired. A program for decrypting the registration data acquired using the key thus transmitted is transmitted to the terminal device.

Moreover, in order to solve the said subject, the data provision apparatus which has a function which performs the process similar to the said data provision method is provided.
Moreover, in order to solve the said subject, the data provision program which makes a computer perform the process similar to the said data provision method is provided.
In order to solve the above problem, when the data providing device receives a data acquisition request from the terminal device, the location of the encrypted data corresponding to the data acquisition request and the key used for the encryption processing of the data And acquiring the key that is stored on the information processing device in the network to which the terminal device is connected and that is specified based on the acquired location information. A data providing method comprising: transmitting a program for decrypting data acquired using a generated key to a terminal device, wherein a network is restricted from being accessed from outside the network. Provided.
In order to solve the above problem, when a data acquisition request is received from a terminal device, encrypted data corresponding to the data acquisition request, and location information indicating the location of a key used for encryption processing of the data, Specified based on the acquired location information stored in an information processing device in the network to which the terminal device is connected and access from outside the network is restricted. A data providing apparatus is provided that includes a program for causing a terminal device to acquire a key to be executed and decrypting data acquired using the acquired key, and a transmission unit that transmits the program to the terminal device.
In order to solve the above problem, when a data acquisition request is received from a terminal device, encrypted data corresponding to the data acquisition request, and location information indicating the location of a key used for encryption processing of the data, And a key specified based on the acquired location information stored in an information processing device in the network to which the terminal device is connected and access from outside the network is restricted. And a data providing program for causing the computer to execute a process for transmitting to the terminal device a program for causing the terminal device to acquire data and decrypting the acquired data using the acquired key.
In order to solve the above-mentioned problem, data comprising a data providing device, a terminal device, and an information processing device connected to a network to which the terminal device is connected and access from outside the network is restricted In the providing system, when the data providing device receives the data acquisition request from the terminal device, the first storage unit that stores the encrypted data, the encrypted data corresponding to the data acquisition request, and the data Transmitting means for transmitting the location information indicating the location of the key used for encryption processing to the terminal device, and the information processing device includes second storage means for storing the key, and the terminal device is transmitted An acquisition unit that acquires a key specified based on the location information from the information processing apparatus; and a decryption processing unit that decrypts the encrypted data acquired using the acquired key. Data providing system is provided which is characterized.

Of data to improve the safety it can be easily realized.

It is a figure which shows the data provision apparatus which concerns on 1st Embodiment. It is a figure which shows the information processing system which concerns on 2nd Embodiment. It is a figure which shows the hardware constitutions of the data provision server of 2nd Embodiment. It is a figure which shows the function structure of the data provision server of 2nd Embodiment. It is a figure which shows the function structure of the terminal device of 2nd Embodiment. It is a figure which shows the function structure of the key management server of 2nd Embodiment. It is a figure which shows the example of a data structure of the user management table of 2nd Embodiment. It is a figure which shows the example of a data structure of the group management table of 2nd Embodiment. It is a figure which shows the example of a data structure of the data management table of 2nd Embodiment. It is a figure which illustrates the content of the schedule data of 2nd Embodiment. It is a figure which illustrates the screen at the time of starting utilization of a system. It is a figure which illustrates the setting screen of an encryption process. It is a figure which illustrates a schedule registration screen. It is a figure which illustrates the HTML document of a schedule registration screen. It is a figure which illustrates the function for performing encryption processing. It is a figure which illustrates a plan browsing screen. It is a figure which shows the 1st example of the HTML document of a plan browsing screen. It is a figure which shows the 2nd example of the HTML document of a plan browsing screen. It is a flowchart which shows the display process of a menu screen. It is a flowchart which shows a plan registration process. It is a flowchart which shows a plan registration screen response process. It is a flowchart which shows a key acquisition process. It is a flowchart which shows an encryption process. It is a flowchart which shows a plan browsing process. It is a flowchart which shows a plan browsing screen response process. It is a flowchart which shows a decoding process. It is a figure which shows the specific example of the data browsing method of 2nd Embodiment. It is a figure which shows the information processing system which concerns on 3rd Embodiment. It is a figure which shows the function structure of the terminal device of 3rd Embodiment. It is a figure which illustrates the content of the schedule data of 3rd Embodiment. It is a figure which shows the specific example of the data browsing method of 3rd Embodiment.

Hereinafter, the present embodiment will be described in detail with reference to the drawings.
[First Embodiment]
FIG. 1 is a diagram illustrating a data providing apparatus according to the first embodiment. The data providing device 1 manages user data used in the terminal device 2. In response to a request from the terminal device 2, the data providing device 1 provides user data managed by the device itself to the terminal device 2. The data providing apparatus 1 includes storage units 1a and 1b, a reception unit 1c, a processing unit 1d, and a transmission unit 1e.

The storage unit 1a stores registration data in association with predetermined identification information. The registration data is user data handled by a user who uses the terminal device 2, for example.
The storage unit 1b stores management information in which key location information for encryption processing by the terminal device 2 is defined in association with predetermined identification information. The terminal device 2 encrypts at least a part of data to be passed to the data providing device 1 using the key. The data to be subjected to encryption processing by the terminal device 2 is, for example, data such as a document or a chart created by a user who uses the terminal device 2. Alternatively, the data may indicate the location of data such as a document or a chart.

  The location information is information indicating the information processing device 3 and the key storage location in the information processing device 3. The identification information is information for identifying a user who uses the terminal device 2, for example.

  The receiving unit 1 c receives a request including predetermined identification information from the terminal device 2. The request type includes at least one of the following two types. That is, the request is either a data registration request for registering data in the data providing apparatus 1 or a data acquisition request for acquiring registration data from the data providing apparatus 1. The receiving unit 1c outputs the received request to the processing unit 1d.

The processing unit 1d and the transmission unit 1e execute the following process according to the content of the request.
(At the time of data acquisition)
(A1) When the request is a data acquisition request, the processing unit 1d refers to the storage units 1a and 1b and acquires location information and registration data corresponding to the identification information included in the data acquisition request. Then, the processing unit 1d generates a key acquisition program that causes the terminal device 2 to acquire a key from the information processing device 3 indicated by the location information. Further, the processing unit 1d outputs the registration data and the key acquisition program to the transmission unit 1e.

  (A2) When the transmission unit 1e acquires the registration data and the key acquisition program from the processing unit 1d, the transmission unit 1e transmits the information to the terminal device 2. The terminal device 2 that has received these pieces of information executes a key acquisition program and acquires a key from the information processing device 3. The terminal device 2 decrypts the registration data with the acquired key and provides the contents to the user.

(When registering data)
(B1) When the request is a data registration request, the processing unit 1d refers to the management information stored in the storage unit 1b and acquires location information corresponding to the identification information included in the data registration request. Then, the processing unit 1d generates a key acquisition program that causes the terminal device 2 to acquire a key from the information processing device 3 indicated by the location information. Further, the processing unit 1d outputs a key acquisition program to the transmission unit 1e together with information for data registration (for example, information on an input screen for inputting data).

  (B2) Upon acquiring the data registration information and the key acquisition program from the processing unit 1d, the transmission unit 1e transmits these information to the terminal device 2. The terminal device 2 that has received these pieces of information executes a key acquisition program and acquires a key from the information processing device 3. Then, the terminal device 2 transmits registration data generated by encrypting at least a part of data to be transmitted to the data providing device 1 using the acquired key. When the processing unit 1d acquires the registration data from the terminal device 2 via the reception unit 1c, the processing unit 1d stores the registration data in the storage unit 1a in association with the identification information.

  According to such a data providing device 1, when data acquisition is received from the terminal device 2, the storage unit 1 a is referred to, and registration data corresponding to the identification information included in the data acquisition request is acquired. Further, the storage unit 1b is referred to, and the location information corresponding to the identification information included in the data acquisition request is acquired. Further, the terminal device includes the acquired registration data and a program for causing the terminal device 2 to acquire the key stored in the information processing device 3 indicated by the location information and decrypting the registered data acquired using the acquired key. 2 is transmitted.

  Thereby, it is possible to easily improve the safety of data. Specifically, the terminal device 2 acquires a key for cryptographic processing from the information processing device 3 by executing a key acquisition program received from the data providing device 1. For this reason, it is not necessary to introduce the function into the terminal device 2 in advance. Further, it is not necessary to introduce a device having the function between the data providing device 1 and the terminal device 2 in advance. Therefore, the burden of introduction work and operation management is reduced.

  Further, the information processing apparatus 3 that stores the key is provided separately from the data providing apparatus 1. That is, since the data providing apparatus 1 only manages the location of the key, the registered data cannot be decrypted by the data providing apparatus 1 alone. For this reason, the security of the data passed to the data provision apparatus 1 can be improved.

  The information processing device 3 that stores the key cannot be referred to from the data providing device 1, but may be provided in a network that can be referred to from the terminal device 2. Thereby, the safety of data can be further improved.

  In the following embodiment, a case where the data providing apparatus 1 is applied to an information processing system capable of performing management such as registration and provision of data by a Web system will be described as an example.

[Second Embodiment]
FIG. 2 is a diagram illustrating an information processing system according to the second embodiment. This information processing system is a Web system that provides business services to a user company. Data for business is stored in the data providing server 100 managed by the service provider. By using the service, the user company can perform business without providing a server for the business in the company. Hereinafter, as an example of the business service, the provision of the schedule management service is shown and specifically described.

  In this information processing system, the data providing server 100, the terminal devices 200 and 200a, and the key management server 300 are connected via the networks 10 and 20 and the communication device 10a.

The network 10 is a network to which the data providing server 100 is connected. The network 10 is, for example, the Internet.
The communication device 10 a is a wireless communication device connected to the network 10. The communication device 10a performs wireless communication with the terminal device 200a.

  The network 20 is a network to which the terminal device 200 and the key management server 300 are connected. The network 20 is, for example, an intranet and is an internal network of a user company.

  The network 10 and the network 20 are connected. However, the network 20 is provided with a gateway, a firewall, and the like (not shown in FIG. 2) that relay communication between the networks at the contact point with the network 10. Access to the inside of the network 20 from devices (the data providing server 100 and the terminal device 200a) outside the network 20 is restricted by the gateway and the firewall.

  The data providing server 100 is a service provider server device. The data providing server 100 stores and manages user data used by the users of the terminal devices 200 and 200a. The data providing server 100 transmits the user data to the terminal devices 200 and 200a in response to a request from the terminal devices 200 and 200a.

  The data providing server 100 has a Web server function. The data providing server 100 receives an HTTP (Hypertext Transfer Protocol) request (hereinafter simply referred to as a request) from the terminal devices 200 and 200a. The data providing server 100 transmits an HTTP response corresponding to the request (hereinafter simply referred to as a response) to the terminal devices 200 and 200a. In this way, the data providing server 100 provides a web service.

  The terminal devices 200 and 200a are computers used by users. A user can register a schedule in the data providing server 100 by operating the terminal device 200. The user can operate the terminal devices 200 and 200a to acquire data stored in the data providing server 100 and browse the registered schedule. For example, the user can browse the schedule registered from the terminal device 200 using the terminal device 200a outside the company. The terminal devices 200 and 200a execute a Web browser that provides a GUI (Graphical User Interface) for the user to use the system.

  The key management server 300 stores a key for cryptographic processing of the confidential part of the schedule. The key management server 300 transmits a key to the terminal device 200 in response to a request from the terminal device 200. A plurality of key management servers 300 may be provided, and a plurality of keys may be managed respectively.

The user can encrypt the confidential part of the schedule using the key of the key management server 300. Thereby, illegal browsing of confidential matters on the data providing server 100 side can be prevented.
FIG. 3 is a diagram illustrating a hardware configuration of the data providing server according to the second embodiment. The data providing server 100 includes a central processing unit (CPU) 101, a read only memory (ROM) 102, a random access memory (RAM) 103, a hard disk drive (HDD) 104, a graphic processing device 105, an input interface 106, and a recording medium reading. A device 107 and a communication interface 108 are included.

The CPU 101 controls the entire data providing server 100.
The ROM 102 stores a BIOS (Basic Input / Output System) program on the data providing server 100.

  The RAM 103 temporarily stores at least part of an OS (Operating System) program and application programs to be executed by the CPU 101. The RAM 103 stores various data necessary for processing by the CPU 101.

  The HDD 104 stores an OS program and an application program. The HDD 104 stores various data necessary for processing by the CPU 101. Instead of the HDD 104 (or in combination with the HDD 104), another type of storage device such as an SSD (Solid State Drive) may be used.

The graphic processing device 105 is connected to the monitor 11. The graphic processing device 105 displays an image on the screen of the monitor 11 in accordance with a command from the CPU 101.
The input interface 106 is connected to the keyboard 12 and the mouse 13. The input interface 106 transmits a signal sent from the keyboard 12 or the mouse 13 to the CPU 101.

  The recording medium reading device 107 is a reading device that reads data stored in the recording medium 14. For example, a function that the data providing server 100 should have can be realized by causing a computer to execute a program describing the processing content of the function. Such a program can be recorded on a computer-readable recording medium 14 and distributed. Further, the program may be stored in a program distribution server (not shown) connected to the network 10. In this case, the data providing server 100 can download the program from the program distribution server via the network 10.

  As the recording medium 14, for example, a magnetic recording device, an optical disk, a magneto-optical recording medium, or a semiconductor memory can be used. Magnetic recording devices include HDDs, flexible disks (FD), magnetic tapes, and the like. Optical disks include CD (Compact Disc), CD-R (Recordable) / RW (ReWritable), DVD (Digital Versatile Disc), DVD-R / RW / RAM, and the like. Magneto-optical recording media include MO (Magneto-Optical disk). Semiconductor memory includes flash memory such as USB (Universal Serial Bus) memory.

  The communication interface 108 is connected to the network 10. The communication interface 108 performs data communication with other information processing apparatuses via the networks 10 and 20 and the communication apparatus 10a.

The terminal devices 200 and 200a and the key management server 300 can also be realized by the same hardware configuration as that of the data providing server 100.
FIG. 4 is a diagram illustrating a functional configuration of the data providing server according to the second embodiment. The data providing server 100 includes a data storage unit 110, a reception unit 120, a user information management unit 130, a client program configuration unit 140, and a transmission unit 150. These functions are realized by the CPU 101 executing a predetermined program. Note that at least a part or all of these functions may be realized by dedicated hardware.

  The data storage unit 110 stores user management information for managing users, data management information for managing data, and the like. The user management information is information for managing encryption processing policies (key location information and encryption targets) for each user. The data management information is information for managing the data body for each user. In addition, the data storage unit 110 stores configuration information of a Web page to be responded to the terminal device 200, a model of the program, and the like.

  The receiving unit 120 receives a request transmitted from the terminal device 200. The request includes a request for a schedule registration screen and a request for a schedule browsing screen. The receiving unit 120 outputs the received request to the user information management unit 130.

  The user information management unit 130 manages user management information and data management information stored in the data storage unit 110. The user information management unit 130 analyzes the request acquired from the reception unit 120 and executes processing according to the content. The request includes a request for a schedule registration screen and a request for a schedule browsing screen.

In addition, upon receiving a request for updating user management information or data management information, the user information management unit 130 updates each information stored in the data storage unit 110.
For example, when receiving new schedule data or updated schedule data from the terminal device 200, the user information management unit 130 updates the data management information stored in the data storage unit 110 based on the received data.

The client program configuration unit 140 executes the following processing according to the content of the request analyzed by the user information management unit 130.
(1) Upon acquiring the request for the schedule registration screen, the client program configuration unit 140 generates an HTML (Hypertext Markup Language) document for displaying the schedule registration screen on the Web browser of the terminal device 200, and sends it to the transmission unit 150. Output. The HTML document model is stored in the data storage unit 110.

  The HTML document includes a program (key acquisition program) for causing the terminal device 200 to acquire a key to be used for encryption processing from the device indicated by the location information. The program is described in, for example, JavaScript (registered trademark). The key location information is information indicating the key management server 300, information indicating directories and files on the key management server 300, and is, for example, a URI (Uniform Resource Identifier). The client program configuration unit 140 can acquire location information corresponding to the user by referring to the user management information stored in the data storage unit 110.

  (2) The client program configuration unit 140 reads the schedule data stored in the data storage unit 110 in response to the request for the schedule browsing screen. The client program configuration unit 140 generates an HTML document for displaying the schedule browsing screen on the Web browser of the terminal device 200, and outputs the HTML document to the transmission unit 150. The HTML document model is stored in the data storage unit 110. The HTML document includes a program (key acquisition program) for causing the terminal device 200 to acquire a key to be used for encryption processing from the device indicated by the location information. The program is described in, for example, JavaScript (registered trademark).

The transmission unit 150 includes the HTML document acquired from the client program configuration unit 140 in a response to the request, and transmits the HTML document to the terminal device 200.
FIG. 5 is a diagram illustrating a functional configuration of the terminal device according to the second embodiment. The terminal device 200 includes a Web browser 210, a key acquisition unit 220, and an encryption processing unit 230. These functions are realized by the CPU of the terminal device 200 executing a predetermined program. In particular, the functions of the key acquisition unit 220 and the encryption processing unit 230 are realized by executing a program included in a response from the data providing server 100.

  The web browser 210 receives data input by the user operating the keyboard 12 or the mouse 13 and transmits the data to the data providing server 100. When transmitting schedule data to the data providing server 100, the Web browser 210 causes the encryption processing unit 230 to encrypt part or all of the schedule data as necessary. Then, the Web browser 210 transmits the encrypted data to the data providing server 100.

  Further, the Web browser 210 causes the monitor 11 to display the contents of the HTML document received from the data providing server 100. At that time, the Web browser 210 causes the encryption processing unit 230 to decrypt the encrypted part in the HTML document. Then, the decrypted contents are displayed on the monitor 11.

  The key acquisition unit 220 and the encryption processing unit 230 are functions called by the Web browser 210. The functions of the key acquisition unit 220 and the encryption processing unit 230 are realized by the CPU of the terminal device 200 executing a program included in the HTML document received by the Web browser 210.

  The key acquisition unit 220 acquires a key for cryptographic processing based on location information included in the program. The location information indicates a key storage location on the key management server 300. The key acquisition unit 220 transmits a key request for requesting the key management server 300 to transmit a key based on the location information. The key acquisition unit 220 receives a key from the key management server 300. The key acquisition unit 220 outputs the received key to the encryption processing unit 230.

  The encryption processing unit 230 performs encryption processing on the data acquired from the Web browser 210 using the key acquired from the key acquisition unit 220. The encryption processing unit 230 includes an encryption unit 231 and a decryption unit 232.

  The encryption unit 231 encrypts the data acquired from the Web browser 210 using the key acquired from the key acquisition unit 220. The encryption unit 231 outputs the encrypted data to the web browser 210.

  The decryption unit 232 decrypts the encrypted part of the data acquired from the Web browser 210 using the key acquired from the key acquisition unit 220. The decryption unit 232 outputs the decrypted data to the web browser 210.

In the terminal device 200a, the Web browser 210 may be realized.
FIG. 6 is a diagram illustrating a functional configuration of the key management server according to the second embodiment. The key management server 300 includes a key storage unit 310, a reception unit 320, a key extraction unit 330, and a transmission unit 340. These functions are realized by the CPU of the key management server 300 executing a predetermined program. Note that at least a part or all of these functions may be realized by dedicated hardware.

  The key storage unit 310 stores a key used by the terminal device 200 for encryption processing. For example, the key is stored in a different directory for each user or for each group to which a plurality of users belong.

The receiving unit 320 receives a key request from the terminal device 200. The receiving unit 320 outputs the received key request to the key extracting unit 330.
The key extraction unit 330 acquires the key stored in the key storage unit 310 based on the key request acquired from the reception unit 320. The key extraction unit 330 outputs the acquired key to the transmission unit 340.

The transmission unit 340 transmits the key acquired from the key extraction unit 330 to the terminal device 200.
FIG. 7 illustrates an exemplary data structure of the user management table according to the second embodiment. The user management table 111 is stored in the data storage unit 110. The user management table 111 includes items of item number, user ID, password, user name, key arrangement location URI, in-house determination domain, encryption target, and belonging group. Information arranged in the horizontal direction of each item is associated with each other to indicate one user's information.

  In the item number, a number for identifying the record is set. In the user ID, a user identifier is set. In the password, a password for authenticating the user is set. The user name is set as the user name. In the key arrangement location URI, a URI indicating the computer or file storing the key is set. In the in-house determination domain, a domain for determining whether the access source is in-house or outside the company is set. In the encryption target, information specifying a data item to be encrypted is set. For example, a schedule outline, a location, and the like are set as data items to be encrypted among data items input as a schedule. When there is a group to which the user belongs, identification information indicating the group is set in the belonging group.

  In the user management table 111, for example, the item number is “1”, the user ID is “taro”, the password is “12345abcde”, the user name is “Fuji Taro”, and the key arrangement location URI is “http: //sales.shanai”. .Example.com / key.jsonp ”and the in-house determination domain is“ * .shanai.example.com ”. Among the encryption targets, information is set such that the outline is “O”, the location is “O”, and the group to which the group belongs is “− (no setting)”.

  Each piece of information of item number 1 is associated with the user indicated by the user ID “taro”. In particular, it is shown that the key used for encryption processing of the schedule data registered by the user indicated by “taro” can be acquired as a file on the key management server 300 indicated by the URI by the information of the key arrangement location URI of item number 1. Has been. Further, when the access source matches the domain of “* .shanai.example.com” based on the information of the in-house determination domain of item number 1, it is detected that the access is from the inside of the user company. It is shown. Here, “*” is a wild card and corresponds to an arbitrary character string. Further, it is indicated that the data items of the outline and the location among the data items of the schedule to be newly registered are encrypted by the information to be encrypted of item number 1. Further, the information on the group belonging to item number 1 indicates that there is no group setting.

Here, when “x” is set in the data item to be encrypted, this indicates that the data item is not encrypted.
Further, in the user management table 111, for example, the item number is “2”, the user ID is “jirou”, the password is “qwertyoop”, the user name is “Fujiro”, and the key arrangement location URI is “− (no setting)”. "In-house determination domain is set to"-(no setting) ", information to be encrypted (both summary and location) is set to"-(no setting) ", and the group to which the group belongs is set to" Group1 ".

  According to each item No. 2, the user indicated by “jirou” belongs to the group indicated by “Group1”, and the settings such as the key arrangement location URI and the encryption target conform to the policy of the group. It is shown.

  FIG. 8 illustrates an exemplary data structure of the group management table according to the second embodiment. The group management table 112 is stored in the data storage unit 110. In the group management table 112, an item number, a group ID, a group name, a key arrangement location URI, an in-house determination domain, and items to be encrypted are provided. Information arranged in the horizontal direction of each item is associated with each other to indicate one group of information.

  In the item number, a number for identifying the record is set. In the group ID, a group identifier is set. The group name is set as the group name. In the key arrangement location URI, a URI indicating the computer or file storing the key is set. In the in-house determination domain, a domain for determining whether the access source is in-house or outside the company is set. In the encryption target, information specifying a data item to be encrypted is set. For example, a schedule outline, a location, and the like are set as data items to be encrypted among data items input as a schedule.

  In the group management table 112, for example, the item number is “1”, the group ID is “Group1”, the group name is “design team”, and the key arrangement location URI is “http://sk.shanai.example.com/a1”. /Key3.jsonp ”and the in-house determination domain is set as“ * .shanai.example.com ”. In addition, information that is “O” for the outline and “O” for the location is set in the encryption target.

  The information of item number 1 is associated with the group indicated by the user ID “Group1”. In particular, it is shown that the key used for the encryption processing of the schedule data registered by the user belonging to the group indicated by “Group 1” can be acquired as a file on the server indicated by the URI by the information of the key arrangement location URI of No. 1. Has been. Further, when the access source matches the domain of “* .shanai.example.com” based on the information of the in-house determination domain of item number 1, it is detected that the access is from the inside of the user company. It is shown. In addition, the information to be encrypted of item number 1 indicates that the data items of the outline and the location are to be encrypted among the data items of the schedule newly registered by the users belonging to this group.

  For example, the user indicated by “jirou” shown in the user management table 111 belongs to “Group1”. Therefore, the record setting of the item number “1” is applied to the user indicated by “jirou”. However, when individual settings are made for the user in the user management table 111, the individual settings may be applied with priority.

By enabling management in units of groups in this way, for example, it is possible to easily set a unified policy for all persons in charge of a project.
FIG. 9 is a diagram illustrating an example of the data structure of the data management table according to the second embodiment. The data management table 113 is stored in the data storage unit 110. The data management table 113 includes items of item number, user ID, document ID, and data. Information arranged in the horizontal direction of each item is associated with each other to indicate information related to one piece of data.

  In the item number, a number for identifying the record is set. In the user ID, a user identifier is set. In the document ID, an identifier for identifying the document is set. The data body is set in the data body. For example, data in vCalendar format indicating each person's schedule is stored in the data body.

  In the data management table 113, for example, the information that the item number is “1”, the user ID is “taro”, the document ID is “0000001”, and the data body is “schedule data (taro) .vcs” is set. The data body is indicated by a file name.

  The information of item number 1 indicates that “schedule data (taro) .vcs” stored in the record is the schedule of the user “tarou” and the document ID is “0000001”.

  7 to 9 are stored in the data storage unit 110, each table or a part of each table may be stored in a separate storage unit. For example, the user management table 111 and the group management table 112 may be stored in the data storage unit 110, and the data management table 113 may be stored in another storage unit provided in the RAM 103 or the HDD 104.

  FIG. 10 is a diagram illustrating the contents of schedule data according to the second embodiment. The schedule data 400 shown in (A) indicates before encryption. The schedule data 410 shown in (B) indicates after encryption.

  The schedule data 400 has a plurality of data items indicating the contents of the schedule. The data items include a location 401 and a summary (SUMMARY) 402.

In the place 401, for example, information “C101 conference room” is set. In the overview 402, for example, information “cloud strategy meeting” is set.
The schedule data 410 has the same data items as the schedule data 400. Data items include a location 411 and a summary 412. The location 411 corresponds after the location 401 is encrypted. The outline 412 corresponds to the outline 402 after encryption.

  When the location and the outline are selected as the user encryption targets, the encrypted contents are set in the location 411 and the outline 412 as in the schedule data 410. Then, the terminal device 200 transmits the schedule data 410 to the data providing server 100. The data providing server 100 registers the contents of the schedule data 410 in the data management table 113 stored in the data storage unit 110. Specifically, for example, the content newly added in the schedule data 410 is inserted into a predetermined tag portion of the schedule data already stored in the data management table 113. Alternatively, for example, when the date and time included in the schedule data 410 has already been inserted, the content of the schedule is replaced with the content of the schedule data 410 for that date and time.

  Next, a screen displayed by the Web browser 210 will be described. The screen shown below is displayed on the monitor of the terminal device 200 by the Web browser 210 based on the HTML document transmitted from the data providing server 100 to the terminal device 200.

FIG. 11 is a diagram exemplifying a screen at the start of use of the system. (A) shows the login screen 510. (B) shows the use menu screen 520.
The login screen 510 is a screen displayed on the browser when a predetermined URI indicating the Web page provided by the data providing server 100 is designated by the Web browser 210.

On the login screen 510, text boxes 511 and 512 and a login button 513 are displayed.
A text box 511 is a form for inputting a user ID. A text box 512 is a form for inputting a password. The user can input a character string into the text boxes 511 and 512 by operating an input device (such as a keyboard or a mouse) connected to the terminal device 200.

  The login button 513 is a button for transmitting the user ID and password input in the text boxes 511 and 512 to the data providing server 100. The user can urge the data providing server 100 to perform user authentication using the input character string by pressing the login button 513 using the input device.

  The data providing server 100 refers to the user management table 111 and the group management table 112 stored in the data storage unit 110 and compares the user ID with the password to perform authentication. When the authentication is successful, the data providing server 100 transmits an HTML document indicating the use menu screen 520 to the terminal device 200.

  The use menu screen 520 is a screen displayed on the Web browser 210 as a result of successful authentication. On the use menu screen 520, a setting button 521, a schedule registration button 522, and a schedule browsing button 523 are displayed. The user can operate the input device, press down each button, and display a screen corresponding to each button on the Web browser 210.

  The setting button 521 is a button for making a transition to the setting screen. The use menu screen 520 shows a state where the user “Taro Fuji” has logged in. When the setting button 521 is pressed, a transition is made to a screen for setting the encryption processing of the logged-in user.

The schedule registration button 522 is a button for making a transition to the schedule registration screen. When the schedule registration button 522 is pressed, the screen shifts to the schedule registration screen for the user.
The schedule browsing button 523 is a button for making a transition to the reservation browsing screen. When the plan browsing button 523 is pressed, the screen transitions to the user's plan browsing screen.

  In the usage menu screen 520, the case where the user has logged in as an example is illustrated, but the setting menu screen is similarly displayed when the user logs in as a group. However, in that case, a schedule registration button and a schedule browsing button for each user belonging to the group may be displayed on the setting menu screen.

  For example, for access from outside the network 20 (access from outside the company), the data providing server 100 may not display the schedule registration button 522 on the use menu screen 520.

  FIG. 12 is a diagram illustrating an example of a setting screen for encryption processing. The setting screen 530 is a screen displayed on the Web browser 210 when the setting button 521 is pressed on the use menu screen 520. On the setting screen 530, text boxes 531 and 532, check boxes 533 and 534, and a confirmation button 535 are displayed.

  A text box 531 is a form for inputting a URI indicating the location of the encryption key. The text box 532 is a form for inputting a domain that is a determination criterion for determining whether or not the access source domain is an in-house domain. The user can input a character string into the text boxes 531 and 532 using the input device.

  Check boxes 533 and 534 are forms for designating data items to be encrypted among schedule data. The check box 533 receives whether or not the summary data item is encrypted. The check box 534 receives whether or not the location data item is encrypted. The user can input a check in the check boxes 533 and 534 by operating the input device when he / she wants to make the corresponding data item to be encrypted.

  The confirm button 535 is a button for confirming data input to the setting screen 530 and transmitting the data to the data providing server 100. The user can instruct the data providing server 100 to update his / her user management record with the content input on the setting screen 530 by operating the input device and pressing the confirm button 535.

  When receiving the input content, the data providing server 100 updates the record of the corresponding user in the user management table 111 stored in the data storage unit 110. Specifically, the URI input in the text box 531 is set as the key arrangement location URI of the user management table 111. Further, the domain input in the text box 532 is set as the in-house determination domain of the user management table 111. In addition, when a check is input in the check box 533, “O” is set in the summary item in the encryption target of the user management table 111. Similarly, when a check is input in the check box 534, “O” is set in the location item among the encryption targets of the user management table 111. If the check is not input, “x” is set in the item of the user management table 111.

  The setting screen 530 may be provided with a form for changing the setting of the group to which the user belongs in the case of login in units of users. Further, when logged in as a group, it is possible to set / change the encryption processing of the group set in the group management table 112 on the setting screen 530.

  FIG. 13 is a diagram illustrating a schedule registration screen. The schedule registration screen 540 is a screen displayed on the Web browser 210 when the schedule registration button 522 is pressed on the use menu screen 520. On the schedule registration screen 540, an anchor 541, text boxes 542, 543, 544, 545, a check box 546 and a registration button 547 are displayed.

The anchor 541 is a hyperlink for transitioning to the schedule browsing screen.
A text box 542 is a form for inputting the date of the schedule. A text box 543 is a form for inputting the start time of the schedule. A text box 544 is a form for inputting a summary of the schedule. A text box 545 is a form for inputting the location of the schedule. The user can input each data item in the text boxes 542, 543, 544, and 545 using the input device.

  The check box 546 is a form for selecting whether or not to encrypt the data item to be encrypted designated on the setting screen 530. The user can input a check in the check box 546 by operating the input device.

  The registration button 547 is a button for confirming the contents input in the text boxes 542, 543, 544, 545 and the check box 546. The user can operate the input device and press the registration button 547 to instruct the data providing server 100 to register the contents of the schedule input on the schedule registration screen 540 in its own schedule data.

  If the check box 546 is checked at this time, the terminal device 200 encrypts a predetermined data item and then transmits the input content to the data providing server 100.

  Further, for example, the data providing server 100 may not display the check box 546 on the schedule registration screen 540 for access from other than the network 20 (access from outside the company).

  FIG. 14 is a diagram illustrating an HTML document on the schedule registration screen. The HTML document 540 a is generated by the data providing server 100 and transmitted to the terminal device 200 when the schedule registration button 522 on the use menu screen 520 is pressed. The Web browser 210 displays a schedule registration screen 540 on the monitor based on the HTML document 540a.

The HTML document 540a includes codes 541a, 542a, and 543a.
The code 541a is a code for reading a file group (“internal.js” or the like) describing a function for executing encryption processing into the memory of the terminal device 200.

  The code 542a is a code describing a script for realizing the key acquisition unit 220. The code 542a includes a URI that designates a key stored in the key management server 300. Specifically, “http://sales.example.com/key.jsonp” is a URI that designates a key stored in the key management server 300. The terminal device 200 makes an inquiry about “sales.example.com” to a name server (not shown in FIG. 2) connected to the network 20, for example, so that the IP (Internet Protocol) of the key management server 300 corresponding to the domain name is obtained. ) You can get the address. Alternatively, the terminal device 200 may have a file in which the association between the domain name and the IP address is defined in advance. Thereby, the key acquisition unit 220 is realized on the terminal device 200.

  The key acquisition unit 220 acquires a key from the key management server 300 by JSONP (JavaScript Object Notation with Padding). In the key management server 300, the file “key.jsonp” is stored in a predetermined directory. In “key.jsonp”, for example, JSONP data “jsonp (“ mysecretkey ”);” is described. The key acquisition unit 220 obtains a response of jsonp (“mysecretkey”); from the key management server 300, and can acquire the key “mysecretkey” using the function “jsonp” defined by the code 542a.

  The code 543a is a code describing a script for realizing the encryption unit 231. When the check button 546 is checked when the registration button 547 is pressed, the encryption unit 231 encrypts data items (location and summary) to be encrypted in the input schedule data. Turn into. Then, the terminal device 200 transmits the encrypted schedule data to the data providing server 100.

  The codes 542a and 543a are generated according to the contents set in the user management table 111 and the group management table 112 stored in the data storage unit 110. For example, a server other than the key management server 300 may be specified for the URI included in the code 542a. Further, for example, in the code 543a, data items other than the location and the outline may be the encryption target. In this case, in the user management table 111 and the group management table 112, data items other than the location and the outline (for example, the start time) are set as encryption targets. A template for generating the HTML document 540a is stored in the data storage unit 110 in advance.

  FIG. 15 is a diagram illustrating a function for executing cryptographic processing. The file 540b shows the contents of “internal.js”. The file 540b is stored in advance in the data storage unit 110 as a configuration file of the schedule registration screen 540. The file 540b includes codes 541b and 542b.

  The code 541b is a code indicating the encryption processing by the encryption unit 231. The code 541b exemplifies a case where encoding is performed using base64 after encryption by a predetermined function (“blowfish.encrypt”) using the key (“pcdms.key”) acquired by the key acquisition unit 220. ing. The encryption unit 231 adds “{enc:” to the beginning of the encoded data and “}” to the end. This is because the encryption part can be easily specified by the decryption unit 232.

  The code 542b is a code indicating a decoding process by the decoding unit 232. The code 542b illustrates a case where the data encrypted by the code 541b is decrypted. The decoding unit 232 outputs the data to be decoded that does not include “{enc:” at the head as it is. For those including “{enc:”, the character string excluding the leading “{enc:” and the last “}” is decoded by base64. Furthermore, the decoded data is decrypted by a predetermined function (“blowfish.decrypt”) using the key acquired by the key acquisition unit 220. Then, the decrypted data is output to the Web browser 210.

  Note that there may be a case where “{enc:” is included at the head even though the data to be decrypted is not encrypted. In consideration of such a case, another escape process may be added to the code 542b as appropriate so that the unencrypted data is not decrypted.

  FIG. 16 is a diagram illustrating a schedule browsing screen. (A) shows the schedule browsing screen 550 when the data providing server 100 is accessed from within the company (when accessing the company). The plan browsing screen 550 is a screen displayed on the Web browser 210 of the terminal device 200. (B) shows the schedule browsing screen 560 when the data providing server 100 is accessed from outside the company (when accessing outside the company). The plan browsing screen 560 is a screen displayed on the Web browser of the terminal device 200a.

  On the schedule browsing screen 550, an anchor 551 and a schedule list display section 552 are displayed. The anchor 551 is a hyperlink for transitioning to the schedule registration screen 540. The schedule list display unit 552 is an area for displaying a list of schedules of users who are currently logged in.

  The schedule list display unit 552 displays the contents of the data body set in the data management table 113 stored in the data storage unit 110. For example, when the user “Taro Fuji” is logged in, the data body “schedule data (taro) .vcs” corresponding to the user ID “taro” at the time of login is read, and the content is displayed in the schedule list display section 552. Is displayed. The terminal device 200 decrypts the encrypted portion of the data described in the data body with the key acquired from the key management server 300 and displays it on the schedule list display unit 552.

  On the schedule browsing screen 560, an anchor 561 and a schedule list display unit 562 are displayed. The anchor 561 corresponds to the anchor 551. The schedule list display unit 562 corresponds to the schedule list display unit 552.

  The schedule list display unit 562 displays a list of the schedules of logged-in users in the same manner as the schedule list display unit 552. However, since the key cannot be obtained by accessing the network 20 during external access, the encrypted portion is replaced with a predetermined character string.

  FIG. 17 is a diagram illustrating a first example of the HTML document on the schedule browsing screen. The HTML document 550 a is generated by the data providing server 100 and transmitted to the terminal device 200 when the plan view button 523 on the use menu screen 520 is pressed during internal access. The web browser 210 displays the schedule browsing screen 550 on the monitor based on the HTML document 550a.

The HTML document 550a includes codes 551a, 552a, 553a, and 554a.
The code 551a is a code for reading a file group in which a function for executing cryptographic processing is written into the memory of the terminal device 200.

  The code 552a is a code describing a script for realizing the key acquisition unit 220. The code 552a includes a URI specifying the key stored in the key management server 300. Specifically, “http://sales.example.com/key.jsonp” is a URI that designates a key stored in the key management server 300. The key acquisition method using the URI is the same as the method described with reference to the code 542a in FIG.

  The code 553a is a code describing a script for realizing the decryption unit 232. When the key acquisition unit 220 acquires the key, the decryption unit 232 attempts to decrypt each element of the tag “td” in the HTML document 550a.

The code 554a is a code including an encrypted part in the element of the tag “td”.
The method for decrypting the encrypted part is as described for the code 542b in FIG.
FIG. 18 is a diagram illustrating a second example of the HTML document on the schedule browsing screen. The HTML document 560a is generated by the data providing server 100 and transmitted to the terminal device 200a when the planned browsing button 523 on the use menu screen 520 is pressed during external access. The Web browser displays the schedule browsing screen 560 on the monitor based on the HTML document 560a.

  The HTML document 560a includes a code 561a. The code 561a corresponds to the code 554a shown in FIG. In this way, the data providing server 100 generates the HTML document 560a in which the encrypted part is replaced with a predetermined character string (for example, “inside secret”) at the time of external access. This prevents a meaningless character string included in the encrypted part from being presented to the user.

  For this reason, for example, even if the schedule browsing screen 560 is displayed on the Web browser of the terminal device 200a, an encrypted meaningless character string is not displayed. Therefore, it is possible to ensure the security of the encrypted part even when accessed outside the company and improve the visibility of the contents.

  Next, a processing procedure in the information processing system configured as described above will be described. In the following, it is assumed that the user “Taro Fuji” accesses the data providing server 100 from the terminal device 200 unless otherwise specified.

FIG. 19 is a flowchart showing menu screen display processing. Hereinafter, each process is demonstrated along a step number.
[Step S11] The terminal device 200 receives the URI of the login screen 510. The URI is input to the terminal device 200 when, for example, the user selects a hyperlink indicating the URI from a predetermined Web page or directly inputs the URI to the Web browser 210.

[Step S12] The terminal device 200 transmits a request for the login screen 510 to the data providing server 100.
[Step S13] The data providing server 100 receives a request from the terminal device 200. In response to the request, the data providing server 100 transmits a response including the HTML document of the login screen 510 to the terminal device 200.

  [Step S14] The terminal device 200 receives a response from the data providing server 100. The terminal device 200 displays a login screen 510 on the monitor based on the HTML document included in the response.

  [Step S <b> 15] When the terminal device 200 receives an operation of pressing the login button 513 on the login screen 510, the terminal device 200 transmits the user ID and password input in the text boxes 511 and 512 to the data providing server 100.

  [Step S16] The data providing server 100 collates the received ID and password with the user ID and password in the user management table 111 stored in the data storage unit 110. If there is a match between the ID and the password, the process proceeds to step S17 as authentication OK. In this case, the data providing server 100 holds the authenticated ID in a session variable associated with a session with the terminal device 200, for example. If no ID and password match, the process proceeds to step S18 as authentication NG.

[Step S17] The data providing server 100 responds to the terminal device 200 with the HTML document on the use menu screen 520.
[Step S18] The data providing server 100 responds to the terminal device 200 with an authentication failure. Then, the authentication failure is indicated to the user on the terminal device 200, and the process is completed.

[Step S19] The terminal device 200 displays a usage menu screen 520 on the monitor based on the received HTML document. Then, the process is completed.
In this way, the data providing server 100 permits the use of the information processing system when the user who uses the terminal device 200 is successfully authenticated.

  The user can use each function provided by the data providing server 100 by pressing a desired button on the use menu screen 520 displayed on the monitor connected to the terminal device 200. Next, the processing procedure of each function will be described. Here, the setting process when the setting button 521 is pressed is the same as the contents described with reference to FIG.

First, processing executed by each device after the schedule registration button 522 is pressed on the use menu screen 520 will be described.
FIG. 20 is a flowchart showing the schedule registration process. Hereinafter, each process is demonstrated along a step number.

[Step S21] The terminal device 200 accepts a pressing operation of the schedule registration button 522 on the use menu screen 520.
[Step S22] The terminal device 200 transmits a request for the schedule registration screen 540.

  [Step S <b> 23] The data providing server 100 receives a request from the terminal device 200. In response to the request, the data providing server 100 transmits a response including the HTML document 540a of the schedule registration screen 540 and other necessary files to the terminal device 200.

  [Step S24] The terminal device 200 receives a response from the data providing server 100. The terminal device 200 analyzes the HTML document 540a included in the response, and executes the script included in the HTML document 540a. As a result, the function of the key acquisition unit 220 is realized on the terminal device 200.

[Step S25] The terminal device 200 acquires a key from the key management server 300.
[Step S26] The terminal device 200 displays the schedule registration screen 540 on the monitor based on the HTML document 540a. The terminal device 200 accepts a pressing operation of the registration button 547 on the schedule registration screen 540.

[Step S <b> 27] The terminal device 200 performs an encryption process on the data item input to the schedule registration screen 540.
[Step S <b> 28] The terminal device 200 transmits schedule data including each data item to the data providing server 100.

  [Step S29] The data providing server 100 receives schedule data from the terminal device 200. The data providing server 100 updates the contents of the schedule data registered in the data management table 113 stored in the data storage unit 110. For example, when a schedule is added, the contents added to the existing schedule data of the user are added. When the existing schedule is changed, the target schedule included in the existing schedule data of the user is updated.

[Step S30] The data providing server 100 transmits a response notifying that the registration of the schedule data is completed to the terminal device 200.
[Step S31] The terminal device 200 receives a response from the data providing server 100. The terminal device 200 displays on the monitor that the registration of the schedule data has been completed. Then, the process is completed.

  In this way, the data providing server 100 generates an HTML document 540 a for the schedule registration screen 540 in response to a request for the schedule registration screen 540 from the terminal device 200 and transmits it to the terminal device 200. The terminal device 200 can acquire a key from the key management server 300 based on the HTML document 540 a received from the data providing server 100 and can encrypt data to be transmitted to the data providing server 100.

Next, the procedure of the schedule registration screen response process of the data providing server 100 shown in step S23 will be described.
FIG. 21 is a flowchart showing the schedule registration screen response process. Hereinafter, each process is demonstrated along a step number.

  [Step S41] The receiving unit 120 receives a request for the schedule registration screen 540. The receiving unit 120 outputs the received request to the user information management unit 130. The user information management unit 130 acquires the user ID of the access. For example, the user ID can be acquired from a session variable defined with the terminal device 200.

[Step S42] The user information management unit 130 refers to the user management table 111 stored in the data storage unit 110, and acquires a key arrangement location URI corresponding to the user ID.
[Step S43] The user information management unit 130 refers to the user management table 111 and acquires the data item to be encrypted corresponding to the user ID. Then, the acquired key arrangement location URI and the encryption target are output to the client program configuration unit 140.

  [Step S44] The client program configuration unit 140 generates an HTML document 540a based on the template stored in the data storage unit 110. Specifically, a code corresponding to the acquired key arrangement location URI is generated and inserted into the template. For example, the location of “http://sales.shanai.example.com/key.jsonp” included in the code 541a of the HTML document 540a corresponds. Also, a code corresponding to the acquired data item to be encrypted is generated and inserted into the template. For example, “form.location.value = pcdms.enc (form.location.value);” and “form.summary.value = pcdms.enc (form.summary.value);” are included in the code 542a. To do. Then, the generated HTML document 540 a and other necessary file groups are output to the transmission unit 150.

[Step S45] The transmission unit 150 includes the HTML document 540a acquired from the client program configuration unit 140 in a response and transmits the response to the terminal device 200.
In this way, the data providing server 100 generates the HTML document 540a and transmits it to the terminal device 200.

  The terminal device 200 implements the function of the key acquisition unit 220 based on the script described in the HTML document 540a. Next, the key acquisition process procedure of the terminal device 200 shown in step S25 of FIG. 20 will be described.

FIG. 22 is a flowchart showing the key acquisition process. Hereinafter, each process is demonstrated along a step number.
[Step S51] The Web browser 210 generates a script tag for acquiring JSONP data including the key arrangement location URI based on the code 542a described in the HTML document 540a.

  [Step S52] The Web browser 210 inserts the generated script tag into the body part of the HTML document 540a. Then, the web browser 210 evaluates and executes the generated script tag. Thereby, the key acquisition unit 220 is realized.

  [Step S53] The key acquisition unit 220 accesses the key arrangement location URI. Specifically, an external file “http://sales.shanai.example.com/key.jsonp” indicating the key on the key management server 300 described in the code 542a is read. For example, the key acquisition unit 220 obtains a response “jsonp (“ mysecretkey ”);” from the key management server 300 and executes the callback function “jsonp”.

[Step S54] The key acquisition unit 220 assigns the key acquired by the function to a key storage variable (pcdms.key).
In this way, the key acquisition unit 220 is realized. Then, the key acquisition unit 220 acquires a key from the key management server 300. In the above example, the case where the key is acquired by JSONP is shown, but the present invention is not limited to this. For example, it is also conceivable to realize the function of the key acquisition unit 220 by transmitting an application described in a program language other than JavaScript (registered trademark) from the data providing server 100 to the terminal device 200 for execution.

  The terminal device 200 displays the schedule registration screen 540 on the monitor based on the HTML document 540a. When the registration button 547 on the schedule registration screen 540 is pressed, encryption processing is performed. Next, the procedure of the encryption process of the terminal device 200 shown in step S27 of FIG. 20 will be described.

FIG. 23 is a flowchart showing the encryption process. Hereinafter, each process is demonstrated along a step number.
[Step S61] The Web browser 210 determines whether the check box 546 of the schedule registration screen 540 is ON / OFF, that is, whether to perform encryption. When encryption is performed, the encryption unit 231 is realized based on the description of the code 543a of the HTML document 540a, and the process proceeds to step S62. If no encryption is performed, the process is completed.

  [Step S62] The encryption unit 231 repeatedly executes the following steps S63 to S65 for the data item to be encrypted. Here, in the HTML document 540a, the code 543a describes that the data item is encrypted for the location (“location”) and the summary (“summary”).

[Step S63] The encryption unit 231 extracts data of the data item to be encrypted.
[Step S64] The encryption unit 231 encrypts the extracted data using the key acquired by the key acquisition unit 220. The encryption unit 231 can acquire the key by referring to the value of the predetermined variable output from the key acquisition unit 220. The specific contents of the encryption process are the same as those based on the code 541b in FIG. The encryption unit 231 adds a predetermined character or character string to the beginning and the end of the encrypted data.

[Step S65] The encryption unit 231 replaces the input data with the encrypted data.
[Step S66] The encryption unit 231 determines whether or not encryption processing has been executed for all data items described in the code 543a. When all are executed, the process is completed. If not all, the process proceeds to step S63.

In this way, the encryption unit 231 performs encryption processing. The processing order for each data item is, for example, the order described in the code 543a (in order from top to bottom).
Next, processing executed by each device after the scheduled browsing button 523 is pressed on the usage menu screen 520 will be described.

FIG. 24 is a flowchart showing the schedule browsing process. Hereinafter, each process is demonstrated along a step number.
[Step S <b> 71] The terminal device 200 accepts a pressing operation of the schedule browsing button 523 on the usage menu screen 520.

[Step S <b> 72] The terminal device 200 transmits a request for the schedule browsing screen 550.
[Step S <b> 73] The data providing server 100 receives a request from the terminal device 200. In response to the request, the data providing server 100 transmits a response including the HTML document 550a of the schedule browsing screen 550 and other necessary files to the terminal device 200.

  [Step S74] The terminal device 200 receives a response from the data providing server 100. The terminal device 200 analyzes the HTML document 550a included in the response, and determines whether there is a key acquisition script (corresponding to the code 552a) included in the HTML document 550a. If there is a script, the process proceeds to step S75. If there is no script, the process proceeds to step S78.

[Step S75] The terminal device 200 executes a script included in the HTML document 550a. As a result, the function of the key acquisition unit 220 is realized on the terminal device 200.
[Step S76] The terminal device 200 acquires a key from the key management server 300.

[Step S77] The terminal device 200 performs a decoding process on the data items included in the HTML document 550a.
[Step S78] The terminal device 200 displays the contents of the HTML document 550a on the monitor. In addition, when the decoding process is performed by step S77, the content after decoding is displayed on the said part.

  In this way, the data providing server 100 generates an HTML document 550a for the schedule browsing screen 550 in response to a request for the schedule browsing screen 550 from the terminal device 200, and transmits the HTML document 550a to the terminal device 200. The terminal device 200 can acquire a key from the key management server 300 based on the HTML document 550a received from the data providing server 100, decrypt the encrypted portion, and display the decrypted portion on the monitor.

  In the above example, the case where the data providing server 100 is accessed from the terminal device 200 is shown. On the other hand, the same applies when the terminal device 200a accesses the data providing server 100. However, in the case of the terminal device 200a, access is from outside the company. Therefore, what the data providing server 100 provides to the terminal device 200a is an HTML document 560a in which the encrypted part is replaced with a predetermined character string in advance. The terminal device 200a displays a schedule list on the monitor based on the HTML document 560a. The processing procedure is shown below.

Next, the procedure of the scheduled browsing screen response process of the data providing server 100 shown in step S73 will be described.
FIG. 25 is a flowchart showing the schedule browsing screen response process. Hereinafter, each process is demonstrated along a step number.

  [Step S81] The receiving unit 120 receives a request for the schedule registration screen 540. The receiving unit 120 outputs the received request to the user information management unit 130. The user information management unit 130 acquires the user ID of the access. For example, the receiving unit 120 can acquire a user ID from a session variable defined with the terminal device 200.

  [Step S82] The user information management unit 130 refers to the data management table 113 stored in the data storage unit 110, and acquires schedule data corresponding to the user ID.

  [Step S83] The user information management unit 130 determines whether or not the access is internal access. If it is in-house access, the process proceeds to step S84. If it is external access, the process proceeds to step S86. For example, the user information management unit 130 refers to the user management table 111 stored in the data storage unit 110 to obtain an in-house determination domain corresponding to the user ID. Judgment can be made based on whether or not the domain name of the access source matches.

  [Step S84] The user information management unit 130 refers to the user management table 111 stored in the data storage unit 110, and acquires a key arrangement location URI corresponding to the user ID. Then, the user information management unit 130 outputs the acquired key arrangement location URI and schedule data to the client program configuration unit 140.

  [Step S85] The client program composition unit 140 generates an HTML document 550a based on the template stored in the data storage unit 110. Specifically, the client program configuration unit 140 generates a code corresponding to the acquired key arrangement location URI and inserts it into the template. For example, the location “http://sales.shanai.example.com/key.jsonp” included in the code 552a of the HTML document 550a corresponds to the code corresponding to the key arrangement location URI. In addition, the client program configuration unit 140 generates a code corresponding to the schedule list display unit 552 of the schedule browsing screen 550 according to the contents of the schedule data. Specifically, a portion enclosed by the “table” tab of the HTML document 550 a corresponds to a code corresponding to the schedule list display unit 552. The client program configuration unit 140 outputs the generated HTML document 550a and other necessary file groups to the transmission unit 150.

  [Step S86] The client program configuration unit 140 generates an HTML document based on the template stored in the data storage unit 110 and the contents of the schedule data. At this time, if the schedule data includes an encrypted part, the client program configuration unit 140 inserts the part into the HTML document in an encrypted state. And the client program structure part 140 specifies the encryption part.

  [Step S87] The client program configuration unit 140 generates an HTML document 560a by replacing the specified encrypted part with a predetermined character string. The replacement character string is stored in the data storage unit 110 in advance. In the example of the HTML document 560a, the character string “confidential” is supported. The client program configuration unit 140 outputs the generated HTML document 550a and other necessary file groups to the transmission unit 150.

  [Step S88] The transmission unit 150 includes the response including the HTML document 550a (or HTML document 560a) acquired from the client program configuration unit 140, and transmits the response to the terminal device 200 (or terminal device 200a).

In this way, the data providing server 100 generates the HTML documents 550a and 560a and transmits them to the terminal devices 200 and 200a.
The terminal device 200 implements the function of the key acquisition unit 220 based on the script described in the HTML document 550a. Here, the key acquisition process shown in step S76 of FIG. 24 is the same as the procedure described in FIG.

  When the terminal device 200 acquires the key, the terminal device 200 displays the schedule browsing screen 550 on the monitor based on the HTML document 550a. At this time, the encrypted part of the HTML document 550a is decrypted using the acquired key. Next, the procedure of the decoding process of the terminal device 200 shown in step S77 of FIG. 24 will be described.

FIG. 26 is a flowchart showing the decoding process. Hereinafter, each process is demonstrated along a step number.
[Step S91] The Web browser 210 implements the decryption unit 232 based on the description of the code 553a of the HTML document 550a. The decryption unit 232 repeatedly executes the following steps S92 to S95 for each data item included in the HTML document 550a.

[Step S92] The decryption unit 232 extracts an element (data) of the tag “td”.
[Step S93] The decryption unit 232 determines whether or not the extracted data is encrypted. If it is encrypted, the process proceeds to step S94. If not encrypted, the process proceeds to step S96. The decryption unit 232 can determine whether or not the data is encrypted based on whether or not a predetermined character string (“{enc:”) is included at the beginning of the extracted data.

  [Step S94] The decryption unit 232 decrypts the data extracted using the key acquired by the key acquisition unit 220. The decryption unit 232 can acquire the key by referring to the value of the predetermined variable output from the key acquisition unit 220. The specific content of the decryption process is as the process based on the code 542b in FIG. The decryption unit 232 decrypts the data after removing the predetermined character string added to the data.

[Step S95] The decryption unit 232 replaces the element of the tag of the HTML document 550a with the decrypted data.
[Step S96] The decryption unit 232 determines whether all the elements of the tag “td” have been processed. If all have been processed, the process is completed. If there is an unprocessed item, the process proceeds to step S91.

  In this way, the decoding unit 232 performs a decoding process. The web browser 210 displays the schedule browsing screen 550 on the monitor based on the HTML document decrypted by the decrypting unit 232.

  FIG. 27 is a diagram illustrating a specific example of the data browsing method according to the second embodiment. The data providing server 100 is installed on the premises of a service provider, for example. The data storage unit 110 stores user data that is at least partially encrypted. The data storage unit 110 may be provided in the data providing server 100 or may be provided as a separate storage device.

  The terminal device 200 and the key management server 300 are installed in the user company. After the terminal device 200 accesses the data providing server 100 and is authenticated by the user, the terminal device 200 transmits a request for a schedule browsing screen. Then, the terminal device 200 can acquire the data stored in the data storage unit 110 and the URI of the key for decrypting the encrypted part of the data from the data providing server 100 (ST11).

Then, the terminal device 200 acquires a key from the key management server 300 based on the acquired URI, and decrypts the encrypted portion of the data (ST12).
Thereby, the terminal device 200 can appropriately decode the data managed by the data providing server 100 and provide the contents to the user. At this time, since the key can be managed not by the service provider but in the company, there is no possibility that the service provider obtains the key illegally. Therefore, data safety can be improved. Further, it is not necessary to provide a special device for performing cryptographic processing in the network between the user company and the service provider. That is, since the terminal device 200 can perform the encryption process by the function of the application provided by the data providing server 100, the cost associated with the start of using the service can be further reduced.

  Furthermore, the terminal device 200a is a computer used by employees of the user company outside the user company. When the terminal device 200a is authenticated by accessing the data providing server 100, the terminal device 200a can acquire the data stored in the data storage unit 110. At this time, the data providing server 100 replaces the encrypted portion of the provided data with a predetermined character string (for example, confidential). As a result, the safety of data against access from outside the company can be improved. In addition, it is possible to prevent presentation of meaningless information about the encrypted portion for access from outside the company.

  The terminal device 500 is a computer used by a third party. Terminal apparatus 500 cannot access network 20 and cannot obtain a key (ST31). For this reason, even if the data stored in the data storage unit 110 is illegally acquired from the service provider, the encrypted portion cannot be browsed. That is, it is possible to improve data safety for a third party.

[Third Embodiment]
Hereinafter, the third embodiment will be described in detail with reference to the drawings. Differences from the second embodiment will be mainly described, and description of similar matters will be omitted.

  In the second embodiment, user data including an encrypted part is stored in the data providing server 100. On the other hand, in the third embodiment, user data is stored in the data management server 300a connected to the network 20 in the user company. More specifically, the part that may be disclosed to the service provider, such as date and time information included in the schedule, is stored in the data providing server 100, but the part such as the location and contents of the schedule is stored in the data management server 300a. To store. Thereby, the safety | security of a confidential part can be improved further. Hereinafter, such an information processing system will be specifically described.

  FIG. 28 is a diagram illustrating an information processing system according to the third embodiment. This information processing system is a Web system that provides business services to a user company. Data for business is stored in the data providing server 100 managed by the service provider. In this information processing system, a data providing server 100, terminal devices 200 and 200a, a key management server 300, and a data management server 300a are connected via networks 10 and 20 and a communication device 10a.

  Here, the data providing server 100, the terminal devices 200 and 200a, the key management server 300, the networks 10 and 20, and the communication device 10a are configured in the second embodiment described with the same reference numerals in FIG. Is the same.

  However, the schedule data stored in the data providing server 100 is set with an encrypted URI for the confidential part such as the location and contents of the schedule. This URI indicates the location of the contents of the confidential part stored in the data management server 300a. The data providing server 100 stores a key for decrypting the encrypted URI together with the schedule data.

  The data management server 300a is connected to the network 20. The data management server 300a stores and manages information on confidential parts (location, outline, etc.) included in the schedule. When the data management server 300 a receives a request from the terminal device 200, the data management server 300 a responds to the terminal device 200 with information on a confidential part corresponding to the request.

The data management server 300a can also be realized by the same hardware configuration as the data providing server 100 shown in FIG.
The functional configurations of the data providing server 100, the terminal device 200, and the key management server 300 according to the third embodiment are the same as the functional configurations shown in the second embodiment. However, the following points differ depending on the functions realized by the Web browser 210 of the terminal device 200.

  FIG. 29 is a diagram illustrating a functional configuration of the terminal device according to the third embodiment. The terminal device 200 includes a Web browser 210, a key acquisition unit 220, and an encryption processing unit 230. These functions are realized by the CPU of the terminal device 200 executing a predetermined program.

  The web browser 210 transmits a request for a schedule browsing screen to the data providing server 100. Then, the Web browser 210 receives from the data providing server 100 a response including an HTML document describing an encrypted URI indicating the location of the data content and a URI of a key for decrypting the URI.

The key acquisition unit 220 acquires a key from the key management server 300 based on the URI of the key. The decryption unit 232 decrypts the encrypted URI indicating the location of the data content with the key.
The web browser 210 acquires the contents of the schedule from the data management server 300 a based on the URI decoded by the decoding unit 232, and displays the acquired contents on a monitor connected to the terminal device 200.

  FIG. 30 is a diagram illustrating the contents of schedule data according to the third embodiment. The schedule data 400a shown in (A) indicates before encryption. The schedule data 410a shown in (B) indicates after encryption.

  The schedule data 400a has a plurality of data items indicating the contents of the schedule. The data items include a location 401a and a summary (SUMMARY) 402a. Here, each data item of the place 401a and the outline 402a corresponds to the place 401 and the outline 402 which are data items of the schedule data 400 shown in FIG.

  For example, information “<http://shanai.example.com/schedule/tarou1.jssonp>” is set in the location 401a. Further, for example, information “<http://shanai.example.com/schedule/taro2.jsonp>” is set in the overview 402a.

  When the registration button 547 on the schedule registration screen 540 shown in FIG. 13 is pressed, the Web browser 210 stores the contents of the corresponding data item in the data management server 300a. Then, the corresponding data item is replaced with a URI indicating the storage location. This corresponds to the place 401a and the outline 402a. Thereby, the schedule data 400a is generated.

Further, the encryption unit 231 encrypts the URI with the key acquired from the key management server 300, and generates schedule data 410a.
The schedule data 410 a has the same data items as the schedule data 400. The data items include a location 411a and a summary 412a. The location 411a corresponds after the location 401a is encrypted. Summary 412a corresponds to the summary 402a after encryption.

  For example, when a place and an outline are selected as the encryption target of the user, encrypted URIs are set in the place 411a and the outline 412a as in the schedule data 410a. Then, the terminal device 200 transmits the schedule data 410a to the data providing server 100. The data providing server 100 registers the contents of the schedule data 410 a in the data management table 113 stored in the data storage unit 110.

  FIG. 31 is a diagram illustrating a specific example of the data browsing method according to the third embodiment. The data providing server 100 is installed on the premises of a service provider, for example. The data storage unit 110 stores user data that is at least partially encrypted. The data storage unit 110 may be provided in the data providing server 100 or may be provided as a separate storage device.

  The terminal device 200, the key management server 300, and the data management server 300a are installed in the user company. After the terminal device 200 accesses the data providing server 100 and authenticates the user, the terminal device 200 transmits a request for a schedule browsing screen. Terminal apparatus 200 then receives a response including data stored in data storage section 110 and a URI of a key for decrypting the encrypted URI portion of the data from data providing server 100 (ST41). The encrypted URI portion corresponds to the location 411a and the summary 412a (except for the character string “LOCATION” indicating the data item) shown in FIG.

  Then, the terminal device 200 acquires a key from the key management server 300 based on the acquired URI (ST42). The terminal device 200 decrypts the encrypted URI portion of the data with the acquired key (ST43). The decrypted URI portion corresponds to the location 401a and the outline 402a (excluding the character string indicating the data item) shown in FIG. Furthermore, the terminal device 200 acquires item contents corresponding to the URI from the data management server 300a based on the decrypted URI (ST44). The data providing server 100 generates an HTML document including a script for causing the terminal device 200 to execute the process of ST44, and includes the HTML document in the response of ST41. The terminal device 200 can realize the processing of ST44 by executing the script of the HTML document.

  Thus, the information processing system according to the third embodiment can achieve the same effects as those of the second embodiment. In particular, by storing confidential content in the in-house data management server 300a, the security of the content can be further improved.

  When the terminal device 200a accesses from outside, the data providing server 100 replaces the encrypted URI part with a predetermined character string (for example, confidential) and transmits a response to the terminal device 200a. As a result, as in the second embodiment, it is possible to improve the safety of data against access from outside the company. In addition, it is possible to prevent presentation of meaningless information about the encrypted portion for access from outside the company.

  Further, the data providing server 100 transmits a program that causes the terminal device 200 to acquire a key as a script included in the HTML document. However, the data providing server 100 uses a data format other than an HTML document that can be executed by the terminal device 200. May be sent.

  Furthermore, the key used for encryption and the key used for decryption may be the same or different. In that case, the URI of the key for encryption and the URI of the key for decryption are registered in the user management table 111. Then, the data providing server 100 acquires a key corresponding to encryption and decryption from the user management table 111 and transmits the key to the terminal device 200.

  In the information processing system, the business service for managing the schedules of the employees of the user company is exemplified, but the present invention is not limited to this. For example, the present invention may be applied to business services that provide other groupware functions such as bulletin boards and electronic mail, functions such as attendance management and salary management. Thereby, the security of the confidential part of the document provided by these business services can be easily improved.

  As described above, the data providing method, the data providing apparatus, and the data providing program of the present invention have been described based on the illustrated embodiments. However, the present invention is not limited thereto, and the configuration of each unit is an arbitrary configuration having the same function. Can be substituted. Moreover, other arbitrary structures and processes may be added. Further, any two or more configurations (features) of the above-described embodiments may be combined.

DESCRIPTION OF SYMBOLS 1 Data provision apparatus 1a, 1b Storage part 1c Reception part 1d Processing part 1e Transmission part 2 Terminal apparatus 3 Information processing apparatus

Claims (10)

Data providing device
When a data acquisition request including predetermined identification information is received from the terminal device, the first storage unit that stores registration data and identification information in association with each other is referred to, and the identification information included in the data acquisition request is handled. with the registration data to get to, with reference to the second storage unit for storing management information location information indicating the location of the keys used in the encryption process and the identification information has been correlated, contained in the data acquisition request Obtaining location information corresponding to the identification information
A program for causing the terminal device to acquire the key stored in the information processing device indicated by the acquired registration data and the acquired location information, and decrypting the registration data acquired using the acquired key Are transmitted to the terminal device,
A data providing method characterized by the above. The data providing device is
Upon receiving a data registration request including the identification information from the terminal device, the location information corresponding to the identification information included in the data registration request is obtained with reference to the second storage unit,
A key acquisition program for causing the terminal device to acquire the key stored in the information processing device indicated by the acquired location information is transmitted to the terminal device;
When registration data at least partially encrypted with the key is received from the terminal device, the registration data is stored in the first storage unit in association with identification information included in the data registration request.
The data providing method according to claim 1. In the management information, information indicating which data item is to be encrypted among data transmitted by the terminal device in association with identification information is set.
The data providing device is
When the data registration request is received, the management information stored in the second storage unit is referred to generate an encryption program for encrypting the data item to be encrypted by the terminal device using the key. Transmitting the encryption program together with the key acquisition program to the terminal device;
The data providing method according to claim 2, wherein:   The key is stored in an information processing device in a network to which the terminal device is connected,
  In the network, access from outside the network is restricted,
  The data providing method according to claim 1, wherein the data providing method is a data providing method. A receiving unit for receiving a data acquisition request including predetermined identification information from the terminal device;
Referring to a first storage unit that stores registration data and identification information in association with each other, the registration data corresponding to the identification information included in the data acquisition request is acquired, and the location of a key used for encryption processing the by referring to the second storage unit in which the location information and the identification information storing management information that is correlated shown, a processing unit for acquiring location information corresponding to the identification information included in the data acquisition request,
A program for causing the terminal device to acquire the key stored in the information processing device indicated by the acquired registration data and the acquired location information, and decrypting the registration data acquired using the acquired key And a transmitting unit for transmitting to the terminal device,
A data providing apparatus comprising: When a data acquisition request including predetermined identification information is received from the terminal device, the first storage unit that stores registration data and identification information in association with each other is referred to, and the identification information included in the data acquisition request is handled. with the registration data to get to, with reference to the second storage unit for storing management information location information indicating the location of the keys used in the encryption process and the identification information has been correlated, contained in the data acquisition request Obtaining location information corresponding to the identification information
A program for causing the terminal device to acquire the key stored in the information processing device indicated by the acquired registration data and the acquired location information, and decrypting the registration data acquired using the acquired key Are transmitted to the terminal device,
A data providing program for causing a computer to execute processing.   Data providing device
  When receiving a data acquisition request from the terminal device, the encrypted data corresponding to the data acquisition request, and location information indicating the location of the key used for encryption processing of the data are acquired,
  The acquired data and the key specified based on the acquired location information stored in the information processing device in the network to which the terminal device is connected are acquired by the terminal device, and the acquired key is A program for decrypting the data acquired by using the terminal device, and
  In the network, access from outside the network is restricted,
  A data providing method characterized by the above.   When receiving a data acquisition request from the terminal device, a processing unit that acquires encrypted data corresponding to the data acquisition request and location information indicating a location of a key used for encryption processing of the data;
  A key specified based on the acquired location information stored in an information processing device in the network to which the terminal device is connected and access from the outside of the network is restricted. A program for causing the terminal device to acquire the program for decrypting the data acquired using the acquired key, and a transmission unit for transmitting to the terminal device;
  A data providing apparatus.   When receiving a data acquisition request from the terminal device, the encrypted data corresponding to the data acquisition request, and location information indicating the location of the key used for encryption processing of the data are acquired,
  A key specified based on the acquired location information stored in an information processing device in the network to which the terminal device is connected and access from the outside of the network is restricted. To the terminal device, and transmits to the terminal device a program for decrypting the data acquired using the acquired key.
  A data providing program that causes a computer to execute processing.   A data providing device;
  A terminal device;
  An information processing apparatus connected to a network to which the terminal device is connected and access from outside the network is restricted, and a data providing system comprising:
  The data providing device is
  First storage means for storing encrypted data;
  When receiving a data acquisition request from the terminal device, transmission means for transmitting the encrypted data corresponding to the data acquisition request and location information indicating the location of a key used for encryption processing of the data to the terminal device; With
  The information processing apparatus is
  Second storage means for storing the key;
  The terminal device is
  Obtaining means for obtaining a key identified from the transmitted location information from the information processing apparatus;
  Decryption processing means for decrypting the encrypted data acquired using the acquired key
  A data providing system characterized by that.

Images