JPH11272616A - Data communication system for executing data access control - Google Patents

Abstract

PROBLEM TO BE SOLVED: To obtain a system capable of surely maintaining the secrecy of data by a simple constitution by permitting data access in a case that the data security level of an application means which tried access is equal to or higher than the data security level of data which was tried to be accessed. SOLUTION: A server Sn receives data transferred by a server SI and stores it. An application means AP connected to this server Sn tries the access of data regularly or at the time of receiving information on the reception of data from a server. The server Sn receiving the access request of data from the means AP permits data access only when the group of the means AP which tried access and the group of data security information are equal to each other and the data security level of the means AP is equal to or higher than the data security level of data which was tried to be accessed.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a data communication system for performing data access control, and more particularly, to a data communication system in which data access control is separated from application means and is performed as a part of a basic system of the communication system. About.

[0002] Here, the term "access to data" means that data can be obtained or that the contents of data can be browsed. Further, the application means refers to an information processing apparatus controlled by a software program that performs data processing for a specific purpose.

[0003]

2. Description of the Related Art Today, with the development of information communication technology, a large number of users having various data security levels are performing data communication using a common data communication network. Here, the data security level is determined according to the degree of confidentiality of accessible data, and refers to a user's access right to data.

In the conventional data communication, data having various degrees of confidentiality are exchanged through a common data communication network. Therefore, if it is not desired to intercept the data by a user other than a desired destination, various means are used. Has been taken.

First, there is a method of controlling data access in an information processing device used by a user. The information processing device used by the user is controlled by a software program, and the above method authenticates a user's data access authority by the software program and controls data access.

[0006] Data access control individually performed by a software program of the user's information processing device includes data access control at the operation system level and data control at the application means level. Any of these levels of data access control is the same in that data access control is performed individually for each information processing device of the user.
Specifically, when a data access request is made by a user, the information processing device that has received the request checks whether or not the data access by the user is permitted by a scheduled agreement. Data access is permitted only when the

Secondly, there is a method in which only a specific destination can receive data. This is a method of maintaining a specific destination and a communication channel by a communication protocol and eliminating data interception by a user other than the desired destination. Online communication is a simple example.
Also in this case, the method of controlling data access by the user with the individual information processing device described above is one of the points that the receiving information processing device has a portion for confirming whether or not the user can receive the data. Part.

Third, there is a method of encrypting data.
This is to encrypt the data so that only the specific user can decrypt the encrypted data. According to this, even if data is intercepted, it is possible to prevent the contents from being decrypted. As a method of data encryption, for example, there is a public key secret key method.

[0009]

However, in the above-mentioned conventional method for maintaining the confidentiality of communication data, the confidentiality of the data is uncertain, the operation for maintaining the confidentiality of the data is complicated, or There is a problem that communication efficiency is low.

The problem of a method of controlling access to data of a user in the first individual information processing apparatus will be described. According to the method of performing data access control by a user's individual information processing device, data security is completely maintained in all information processing devices in a state where a large number of information processing devices are spatially distributed. It was difficult. That is, since a software program for performing data access control exists in each information processing apparatus, there is a possibility that the software program may be falsified and data accessed by an unauthorized user.

Further, in this method, since the data access control function must be incorporated in the software programs of a large number of information processing apparatuses, a large amount of work is required as a whole to configure the data communication system, and the modification is required. Also required enormous work when needed.

[0012] For data security (data confidentiality) in a data communication system, data access control is performed by individually setting a data security level. It is preferable to perform data access control.

Next, a problem of a method of retaining a specific destination and a communication channel by a communication protocol and excluding data interception by other users will be described.
According to this method, it is necessary to specify a transmission destination when transmitting data. However, when there are many transmission destinations, all the transmission destinations are specified, which is inconvenient. In a real data communication situation, it is often the case that all users who have a certain data access authority or higher want to transmit data under conditions that allow free access. The above conventional method cannot respond to this request as it is.

[0014] In addition, there is a problem that it is not preferable in terms of data communication efficiency because communication is performed only between limited communication stations.

[0015] Further, according to this method, the user must be authenticated by the receiving information processing apparatus. For this reason, there are programs that perform data access control in a large number of information processing apparatuses that are physically and spatially dispersed, and have essentially the same problem as the method of controlling user data access in the individual information processing apparatuses. .

Next, the problem of the data encryption / decryption method will be described. In the data encryption / decryption method, it is necessary to encrypt / decrypt the data. For example, in a public key private key method, each user publishes a public key, and each person holds a private key.

However, this method has a problem that the system becomes too complicated, for example, for the purpose of data security in the same company. In real data communication situations, without encrypting the data itself,
In many cases, it is sufficient to prevent data browsing. For this reason, a simpler but more reliable data access control method than the data encryption / decryption method has been demanded.

In view of the above-mentioned problems of the prior art, the problem to be solved by the present invention is that a system for performing data access control has a simple structure as a whole, and is easy to maintain and manage. Another object of the present invention is to provide a data communication system capable of reliably maintaining data security.

[0019]

According to a first aspect of the present invention, there is provided a data communication system for performing data access control, comprising: a plurality of application means for performing predetermined data processing by performing data communication; and a data communication network for performing data communication. A data access control system that performs data access control by interfacing with the application means and the data communication network, wherein the application means is configured to access data in accordance with the degree of confidentiality. The data access control system is configured to add the data security level of the application means of the transmission source to the transmission data as data security information. Means for adding data security information to the data communication network, a server for receiving and storing the data, a data security level of the application means for accessing the data stored on the server, and a data security level of the data for which access was attempted. Request matching means for comparing the data security level with the data security level, and permitting the data access by the application means only when the data security level of the application means attempting to access is higher than or equal to the data security level of the data attempted to be accessed. It is characterized by doing.

A data communication system for performing data access control according to claim 2 of the present invention is the data communication system according to claim 1, wherein the application means includes at least one of a group having a plurality of hierarchical data security levels. The data access information adding means of the data access control system adds a group of application means of a transmission source and a data security level thereof to data to be transmitted as data security information, and the data communication information as required for transmission. Handing over to a network, the request matching means of the data access control system attempts access with the group and data security level of the application means that attempted to access the data stored in the server. Comparing the group in the data security information of the accessed data and the data security level, and the group of the application means that attempted access is the same as the group in the data security information of the data tried to access; Is configured to permit data access by the application means only when there is at least one case where the data security level of the application means that attempted the access is higher than or equal to the data security level in the data security information of the data to which access was attempted. It is characterized by having.

According to a third aspect of the present invention, in the data communication system for performing data access control according to the first or second aspect, either the application means or the data access control system transmits data. It is characterized by having additional data security information means for allowing a user to add an arbitrary data security level or an arbitrary data security level and group as additional data security information to transmission data as necessary.

[0022]

Embodiments of the present invention will be described below with reference to the drawings attached to the application.

FIG. 1 conceptually illustrates the configuration of a “data communication system for performing data access control” according to an embodiment of the present invention.

As shown in FIG. 1, a data communication system 1 according to the present invention comprises a plurality of application means AP,
Data communication network 2 and application means A
P and a data access control system 3 which interfaces with the data communication network 2.

The application means AP performs data communication and performs data processing for a specific purpose. In essence, the application means AP refers to an information processing device controlled by a software program to perform predetermined data processing.

In this specification, when the application means AP is given a data security level as an information access authority as described later, or when the application means AP adds additional data security information to the transmission data. If so, it is assumed that the user using the application means is fixed, and the data security level of the user is assigned to the application means AP, or the user adds additional data security information to the transmission data. It means that. That is,
In the system, the application means AP is treated as an integral entity including the user. In this case, permission or non-permission of data access to the application means AP has the same meaning as permission or non-permission of data access to a user who uses the application means AP.

The data communication network 2 is a system for performing data communication. Data communication network 2
May have a known configuration, and is actually composed of hardware such as a communication line network, a controller, and an exchange, and software that performs control for performing communication such as route selection and exchange. .

The data access control system 3 is a part for performing characteristic data access control of the present invention.
The data access control system 3 forms an interface between the data communication network 2 and the application means AP. Here, forming an interface means performing the following functions.

The transmission from the application means AP is relayed to the data communication network 2. When relaying,
Logical characteristics such as commands and responses of each application means AP and the data communication network 2 are matched, and processing for normal connection is performed.

When relaying the transmission from the application means AP, data security information described later is added to the transmission data.

The transmitted data is temporarily stored,
It performs data access control for application means that accesses the data, that is, determines and controls whether data access is permitted or not.

In the present embodiment, the data access control system 3 comprises a plurality of servers S1, S2,..., Sn as shown in FIG. Each server S1,
S2,..., Sn are physically composed of information processing apparatuses having a communication function and capable of performing data processing for performing access control.

A plurality of application means AP are connected to each server S1, S2,..., Sn as a client group. The group of application means AP connected to one server forms one group that handles a common type of information. The application means AP forms a group because the degree of confidentiality of information inside and outside the group is different. Examples of the group that are easy to understand include, for example, a general affairs department, an accounting department, and a human resources department within one company. In the same section of each section (each information group), most users of the section also share information that is highly confidential to other sections. That is, even when the same data is exchanged within the same group and transmitted to another group, the degree of confidentiality of the data is different.

Further, the degree of confidentiality of data that can be accessed by a user is different even within the same group. Due to the difference in data access authority (data security level) in the same group, data access control in the same group is performed.

Transmissions from a given user, ie the application means AP, are for the same group,
Some are for other groups.

Transmission to the same group corresponds to transmission from the application means AP1 in FIG. In transmitting and receiving data from the application means AP1 to the same group, first, transmission data is transmitted from the application means AP1 to the server S2 of the same group and stored therein, and the data is transmitted by access of another application means AP in the same group. Is realized by being passed.

In this case, when data is sent from the application means AP1 to the server S2 and stored therein, information (data security information to be described later) defining the application means AP that can access the data is added. Later, when there is a data access request for the data from another application means AP, the data security information is referred to,
Application means A having higher data access authority than data security information given to data
Only data access by P is permitted.

Next, transmission and reception of data to and from another group will be described. The transmission from the application means AP2 in FIG. 1 corresponds to this. The transmission and reception of data from the application means AP2 to other groups
First, the transmission data is sent to the connection server S1 of the application means AP2. Server S1
Adds the data security level information of the source application means AP2 and the additional data security information, passes the data to the data communication network 2, and transmits the data to the server Sn of the destination group by the function of the data communication network 2. . In this case, the transmission destination server may be transmitted to all the servers connected to the data communication network 2 without specifying the transmission destination server (broadcast communication).

The server Sn receives the data transferred by the server S1 and stores it. The application means AP connected to the server Sn attempts to access the data periodically or in response to the data reception notification from the server. Application means AP
Receives the data access request from the server, the server Sn compares the data security level of the application means AP that tried to access with the data security information of the data that tried to access, and the group of the application means AP that tried to access made the data Data access is permitted only when the data security level is the same as that of the security information group and the data security level of the application means AP that attempted access is equal to or higher than the data security level of the data to which access was attempted.

As described above, only the application means AP of the group designated by the transmission source application means AP2 which has the predetermined data access authority or higher can access the data.

In the example of FIG. 1, one server of the data communication network 2 exists in each group sharing the same information type.
There is no need to provide a plurality of servers, and a single server may be used in all systems that perform data access control in a unified manner. Also, multiple groups can share the same server. Further, the information processing apparatus that controls the entire communication of the data communication network 2 may perform the control.

Next, details of the data access control will be described with reference to FIG. In the data communication system for performing data access control according to the present invention, each application means is provided with a data security level that defines the degree of confidentiality of data that can be handled by the application means.

It is assumed that the application means belongs to at least one of groups having a plurality of hierarchical data security levels.

The data access control system has data security information adding means, a server for storing received data, and request matching means.

The data security information adding means is a means for performing processing of adding the data security level of the application means of the transmission source to the transmission data as data security information, and passing the data to the data communication network as necessary.

The request matching means compares the data security level of the application means attempting to access the data stored in the server with the data security information of the attempted access data, and determines the group of the application means which attempted the access. And the data security level of the application means that is the same as the group in the data security information of the data attempted to be accessed, and is equal to or higher than the data security level in the data security information of the data attempted to be accessed. This is means for permitting data access by the application means only when there is at least one case.

In the following description, an additional data security information means for allowing a user who transmits data to add an arbitrary data security level or an arbitrary data security level and a group to the transmission data as additional data security information as necessary. It shall be provided in either the application means or the data access control system.

Each of the means constituting the data communication system of the present invention is, in effect, an information processing apparatus controlled by a software program for performing the above-described processing. These information processing apparatuses do not depend on the physical arrangement configuration as long as the processing is performed.

Next, the relation and flow of the processing between the above-mentioned units will be described with reference to FIG. In FIG. 2, each block indicates the content of the process, and the one enclosed by a broken line on the arrow side of the output of each block indicates the content to be output.
What is shown in parentheses on the side of each block is a component of the data communication system that performs the processing.

As shown in FIG. 2, it is assumed that data is transmitted from a certain application means (this is referred to as a transmission source application means) first (step S100). The data transmission request is sent to the data access control system (physically, its predetermined server).

Next, the presence or absence of additional data security information is confirmed by either the transmission source application means or the data access control system (step S110).

If there is additional data security information, a destination group that can receive the data and a data security level in the group are specified by the user who wants to transmit via the additional data security information means. (Step S120).

The transmission data to which the additional data security information is added is sent to the data security information adding means of the data access control system. On the other hand, the transmission data confirmed to have no additional data security information in step S110 is also sent to the data security information adding means of the data access control system as it is. Here, the data security information adding unit adds the group of the data transmission source application unit and the data security level to the transmission data (step S130).

By the processing in step S130, information on the group of the source application means and the data security level and, if necessary, the group of the destination application means and the data security level (data security information) are added to the transmission data. The data security information added is transmitted to a predetermined server of the data access control system and stored therein (step S140).

The application means attempts to access the data stored in the server periodically or upon receiving a notice of data reception (step S150).

When there is a data access request,
The data security information of the data is compared with the data security level of the application means to be accessed by the request matching means of the data access control system (step S160).

As a result, the group of the application means for which access was attempted is the same as the group in the data security information of the data for which access was attempted, and the data security level of the application means for which access was attempted is attempted. Only when the data security level is equal to or higher than the data security level in the data security information of the data, the data access is permitted (step S170).

The above request matching and data access control will be described with reference to a specific example and FIG.

FIG. 3 shows that data D is transmitted from user B when three users A, B, and C belong to different groups, and each group has a different data security level. 6 illustrates data access control for each user in the case.

In the example of FIG. 3, there are three groups M, N and P which handle the same kind of information. For clarity,
Suppose that the group M is the general affairs department, the group N is the accounting department, and the group P is the personnel department. The groups M, N, and P have a hierarchical data security level 1,
2,..., N.

The user A is responsible for the group M (for example, the general affairs department), has the highest data security level N in the group M, and can access any data in the group M. For Group P (HR department), User A can access data with some confidentiality and
Has a data security level of 2. However, for group N (accounting department), user A
Has no access to any data and does not have a data security level.

User B belongs to group N ((Accounting department)
Members. User B is group N
(It is assumed that the user B has the data security level 2 in the (accounting department). The user B has the data security level 1 in the group M (general affairs department).

User C is responsible for group P (personnel department), has the highest data security level N in group P, and can access any data within group P (personnel data). And User C for Group N (Accounting Department)
Can access some sensitive data,
Group N has data security level 2. On the other hand, regarding group M (general affairs department), user C cannot access any data and does not have a data security level.

The user group and the data security level are described in the respective columns in the left column of the table below FIG. 3 and serve as criteria for request matching.

Now, assume that user B has transmitted data D. The data D is transmitted to the data N by the data security information adding means of the data access control system as the data security information of the transmission source. Data security level 2 is automatically added.

Further, it is assumed that user B has added additional data security information by additional data security information means so that the persons in charge of groups M and P, that is, users of data security level N or higher can access.

The data security information of the data D is as shown in the middle part of FIG. That is,
(Group M. Data security level N) + (Group N. Data security level 2) + (Group P. Data security level N).

Assuming that users A, B, and C attempt to access the data D, the result of the request matching is as shown in the lower table of FIG. ○ in the table
Indicates that the request matches the condition that permits access. On the other hand, x in the table indicates that the request does not match the condition for permitting access.

For simplicity, only the case of user A will be described. User A has a data security level of (group M. data security level N) and a data security level of (group P. data security level 2).
A comparison of the data security level of the same group with the data security level of the user A and the data security information of the data D is as follows (the data security level is simply abbreviated as a level). User A: (Group M. Level N) = (Group M. Level N) → Match (No Group N. Level) <(Group N. Level 2) → Unmatched (Group P. Level 2) <(Group P. Level 2) Level N) → No match If there is at least one request match, data access by the user A (application means) is permitted. If there is no request match, data access is not permitted.

In the claims of the present application, the phrase “the data security level of the application means is equal to or higher than the data security level in the data security information” means that the data security level of the application means is equal to the data security level in the data security information. This means a state in which the data access authority is at a higher position.

[0071]

As described above, according to the "data communication system for performing data access control" according to the present invention, the data access control can be centrally managed by separating the data access control system from the application means. become. By separating the application means from the data access control system, tampering by an unauthorized user can be prevented, and the possibility of data leakage can be reduced. In addition, since the data access control system can be centrally managed, the system can be easily monitored, and even if there is unauthorized tampering or data access, it becomes easy to find out.

Further, according to the system of the present invention, there is no need to encrypt the data itself, and if necessary, the contents of the data can be grasped as it is, which is convenient.

Further, it is possible to set such that anyone who has a certain data access authority or higher can access data, and can exchange information with high efficiency in accordance with an actual use request.

In terms of data access management, the entire data access can be controlled at a uniform data security level, and a simple information management system can be constructed.

According to the data communication system of the present invention, since the device and software for controlling data access are independent of the application means, the labor for programming for data access control when constructing the system is greatly increased. And the effort in the event of such modifications is greatly reduced.

Finally, according to the data communication system of the present invention, transmission data is first transmitted to all groups, and access to data thereafter is controlled. As a result, the data communication system of the present invention enables communication by the broadcast method, and can improve communication efficiency.

[Brief description of the drawings]

FIG. 1 is a diagram conceptually illustrating a “data communication system performing data access control” system configuration of the present invention.

FIG. 2 is a flowchart showing the flow of processing by the “data communication system performing data access control” of the present invention.

FIG. 3 is a diagram illustrating, using a specific example, request matching by the “data communication system performing data access control” of the present invention.

[Explanation of symbols]

 Reference Signs List 1 data communication system 2 data communication network 3 data access control system AP application means S server

──────────────────────────────────────────────────の Continued on the front page (51) Int.Cl. ⁶ Identification code FI H04L 9/36 H04L 9/00 685

Claims (3)

[Claims] 1. A plurality of application means for performing predetermined data processing by performing data communication, a data communication network for performing data communication, and controlling access to data by interfacing between the application means and the data communication network. A data access control system to perform the data access control system, wherein the application means is provided with a data security level determined according to the degree of confidentiality of accessible data. Data security information adding means for adding the data security level of the application means of the transmission source to the transmission data as data security information and passing the data security level to the data communication network if necessary for transmission; A server that receives and stores the data, compares the data security level of the application that has attempted to access the data stored in the server with the data security level of the data that has been accessed, and compares the data security level of the application that has attempted access. Request matching means for permitting data access by the application means only when the security level is equal to or higher than the data security level of the data attempted to be accessed;
A data communication system for performing data access control, comprising: 2. The data access control system according to claim 1, wherein said application means belongs to at least one of a group having a plurality of hierarchical data security levels, and said data security information adding means of said data access control system includes: Adding a group of means and its data security level as data security information and passing it to the data communication network for transmission as needed; the request matching means of the data access control system accesses the data stored in the server Attempt to access by comparing the group and data security level of the attempted application means with the group and data security level in the data security information of the data attempted to be accessed. The group of application means is the same as the group in the data security information of the data attempted to be accessed, and the data security level of the application means attempted to access the data in the data security information of the data attempted to be accessed 2. The system according to claim 1, wherein the data access by the application means is permitted only when there is at least one security level or higher.
A data communication system for performing the data access control according to 1. 3. The data transmission control system according to claim 1, wherein said application means and said data access control system transmit, to a user who transmits data, an arbitrary data security level or an arbitrary data security level and group as additional data security information as necessary. 3. A data communication system for performing data access control according to claim 1, further comprising an additional data security information means for adding the data security information to the data communication system.