JPS5862745A - Secret protection system in information retrieval system - Google Patents
Secret protection system in information retrieval systemInfo
- Publication number
- JPS5862745A JPS5862745A JP56161271A JP16127181A JPS5862745A JP S5862745 A JPS5862745 A JP S5862745A JP 56161271 A JP56161271 A JP 56161271A JP 16127181 A JP16127181 A JP 16127181A JP S5862745 A JPS5862745 A JP S5862745A
- Authority
- JP
- Japan
- Prior art keywords
- retrieval
- information
- secret protection
- secret
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
Abstract
Description
【発明の詳細な説明】
本発明は情報検索システムにおける機密保護の方式に関
し、処理の高速化及び機密保−のかけ方の自由度の向上
を目的とするものである。DETAILED DESCRIPTION OF THE INVENTION The present invention relates to a security protection system in an information retrieval system, and aims to speed up processing and increase the degree of freedom in how to maintain security.
従来より、利用者(検索者)の資格に応じて参照可能な
情報範囲に制限を付けることは行なわれていた。Conventionally, the range of information that can be referenced has been limited depending on the qualifications of the user (searcher).
しかしその場合、制限されるのは項目単位であって。However, in that case, the restrictions are on an item-by-item basis.
同一項目の内容(値)Kよって制限することは行なわれ
ていなかった。またその資格チェックのための処理は各
トランプクシ1ンの都度毎回性なわれており、計算機の
負荷が大きく、レスポンスが遅くなる欠点があった。There was no restriction based on the content (value) K of the same item. In addition, the process for checking qualifications is performed every time each playing card is processed, resulting in a heavy load on the computer and a slow response.
例えば、企業における人事情報の検索について考えてみ
る。人事情報は各従業員毎に多数の項目、即ち。For example, consider searching for personnel information in a company. Personnel information includes a large number of items for each employee, viz.
氏名・年令・住所・所属・役職・従業員番号・学歴・賞
罰・人事査定、などから成る。一般にこのような情報の
検索を行なう場合は、検索したい対象を表現する条件式
を入力する。例えば「年令が30才以上で所属が営業関
係の者をリストアツブせよ。」等の指定をする〇
一方で機密保護の処理としては利用者のIDカード等か
らその資格をチェックして一定の範囲の情報のみを出力
可とするが、従来の場合は検索者の資格のグレード分け
は任意に行なわれるが、検索対象の情報のグレード分け
は項目単位であり、ある項目を高資格の検索者には見せ
るが低資格者には見せないという様ないわばタテ割りの
チェック方式であった。従って、あるグレードの資格者
に対して、ある項目の値が一定値以上のものは見せない
がそれ未満のものは見せる。という様ないわばヨコ割り
のチェックはできなかった。例えば役職という項目につ
いて、その項目が部長以上である従業員のデータは見せ
ないが2課長以下の従業員のデータであれば見せるとい
うことは資格チェックとしてはできなかった。It consists of name, age, address, affiliation, position, employee number, educational background, rewards and punishments, personnel assessment, etc. Generally, when searching for such information, a conditional expression expressing the object to be searched is input. For example, you can specify something like ``Restore people who are over 30 years old and belong to a sales-related department.''On the other hand, to ensure confidentiality, check the user's qualifications from the user's ID card, etc., and specify a certain level. Only information within a range can be output, but in the past, the qualifications of searchers were graded arbitrarily, but the information to be searched was graded on an item-by-item basis, and a certain item could be output by a highly qualified searcher. It was a sort of vertical checking system where the information was shown to those with lower qualifications but not to those with lower qualifications. Therefore, for a qualified person of a certain grade, items with a certain value above a certain value will not be shown, but items below that value will be shown. In other words, it was not possible to check horizontally. For example, regarding the item title, it was not possible to show the data of employees who are general manager or above, but to show the data of employees who are 2nd section manager or below, as a qualification check.
また、従来は各トランザクシ冒ン毎に毎回資格チェック
を行なっているため、計算機負荷が多い。これは検索処
理がレコード単位に行なわれるものであり、また各レコ
ード中には夫々にすべての項目が含まれており、従う”
て項目単位で資格チェックするとすれば入力条件に該当
するレコードが見付かった場合にその都度参照不可項目
を削除して出力するための処理が必要になるからである
。Furthermore, conventionally, a qualification check is performed every time a transaction is opened, which results in a large computational load. This search process is performed on a record-by-record basis, and each record contains all the items.
This is because if qualifications are checked on an item-by-item basis, each time a record that meets the input conditions is found, it will be necessary to perform a process of deleting non-referenceable items and outputting the record.
本発明はこのような従来の欠点を解決することを目的と
しており、そのために検索条件指定の際に機密保護のた
めの条件を追加して検索処理を行なうものである。The present invention aims to solve these conventional drawbacks, and for this purpose, when specifying search conditions, conditions for security protection are added to perform search processing.
本発明では例えば前記の例で、検索者の役職と同−又は
それ以下の役職の従業員データのみを(全項目)参照可
能とするような資格チェックを行なう。ここで前述の如
く1年令30才以上で営業関係」という条件で検索を行
なうとき、検索者の役職が課長であれば。In the present invention, for example, in the above example, a qualification check is performed such that only employee data (all items) with a position equal to or lower than the position of the searcher can be referred to. Here, as mentioned above, when performing a search using the conditions of "1 year old, 30 years or older, sales related", if the searcher's title is a section manager.
計算機内部にお叶る実際の検索は「年令30才以上で営
業関係でかつ課長以下」という条件で行なわれる。The actual search inside the computer is based on the following conditions: ``Age 30 years or older, working in sales, and below the rank of section manager.''
従って[年令30才以上で営業関係]であっても部長以
上の人のデ タは一切出てこない。この場合もしも最初
の検索条件が「年令30才以上、営業関係、役職が部長
以上」であったとすれば[該当0件Jと出力される。尚
9条件式として「部長以上でかつ課長以下」というのは
論理矛盾であるが、この場合エラー表示はせず、#当な
しという形で出力するようにする。Therefore, even if the person is 30 years old or older and is involved in sales, no data will be available on people above the general manager level. In this case, if the initial search condition is ``Age 30 years or older, Sales related, Position of General Manager or higher'', 0 matching results will be output. Note that the conditional expression 9, ``above the general manager and below the section manager'' is a logical contradiction, but in this case, no error is displayed, and it is output in the form of #untrue.
DBは検索対象データ、pswFi機密保護ファイル。DB is search target data, pswFi security file.
WSBTは検索結果集合ファイル、SALは機密保護附
加手段、 R8Lは検索結果集合作成手段、OPLは値
の出力手段である。図において1機密保護情報手段8A
Lでは入カパッファCBUF中に受けた検索条件式と機
密保護ファイルPSWを読み機密保護の為の条件式を附
加し9作業用のバッフyWBUFへ書き出す。次に検索
結果集合作成手段R8Lは作業用バッファWBUFより
条件式を読み取り、検策対象データDBより条件に該当
する情報群の代表値(例えば従業員ナンバ)を検索集合
ファイルW8 g ’I’ K書き込む。値の出方手段
OPLは検索集合ファイルW8ETK′格納されている
集合を処理め対象として出力を行う。WSBT is a search result set file, SAL is a security addition means, R8L is a search result set creation means, and OPL is a value output means. In the figure 1 security information means 8A
In L, the search condition expression and the security file PSW received in the input buffer CBUF are read, a condition expression for security protection is added, and the data is written to the buffer yWBUF for work 9. Next, the search result set creation means R8L reads the conditional expression from the work buffer WBUF, and retrieves the representative value (for example, employee number) of the information group that corresponds to the condition from the inspection target data DB into the search set file W8 g 'I' K Write. The value output means OPL outputs the set stored in the search set file W8ETK' to be processed.
本発明の実施例によれば、検索結果集合ファイルWSE
TK格納されている情報群Kti、機密保饅のがけられ
九情報群は存在しない為、値の出力手段OPLでは値の
検査を行う必要がなく効率に影響せずに値の機密保護が
実施される。また9機密保護の条件附加が内部的に行わ
れ、検索時に処理対象から除かれる為。According to the embodiment of the present invention, the search result set file WSE
Since the information group Kti stored in TK and the information group Kti of confidentiality do not exist, there is no need to check the value in the value output means OPL, and the value can be protected without affecting efficiency. Ru. In addition, conditions for 9 security protection are added internally and are excluded from processing targets during searches.
機密保護情報が検索者に知られることなく完全な機密保
護が実施される。Complete security is achieved without the security information being known to the searcher.
本発明によれば1条件式により値の機密保護を設定する
為、一つの検索条件式として処理することが可能であり
1機密保IIO為の特別の検査を必要とせずに処理が行
える。また検索結果集合を代表値で管理する為。According to the present invention, since the security of a value is set using one conditional expression, it is possible to process it as one search conditional expression, and processing can be performed without requiring a special inspection for one security IIO. Also, to manage the search result set using representative values.
一つの機密保護条件を設定するだけで関連する情報も同
時に機密保護をかけることかり能となる。By simply setting one security condition, related information can be protected at the same time.
また、従来のタテ割り式の機密保護チェックを前記集合
ファイルWSETについてさらに組合わせれば。Moreover, if the conventional vertically divided security check is further combined with respect to the set file WSET.
よ秒キメ細かな機密保護が可能となる。Very detailed security protection becomes possible.
図は、この発明に基く機密保護情報の一実施例構成図で
ある。図においてはCBUF、WBUFはデータ/(ツ
ファ、P8Wは機密保護ファイル、DBは検索対象デー
タ。
P8Vlj機密保護機密保護チェックTは検索結果集合
ファイル、\8^Lはrli声保鏝附加手段、R8LF
i検索結果集合作成手段、OPLは値の出力手段を示す
。The figure is a configuration diagram of an embodiment of security information based on the present invention. In the figure, CBUF and WBUF are data/(tufa, P8W is a security file, and DB is search target data. P8Vlj security security check T is a search result set file, \8^L is an rli voice protection attachment means, and R8LF
i search result set creation means, OPL indicates value output means.
Claims (1)
複数の項目について特定の値又は値の範囲を入力条件と
して与えて情報検索を行なうシステムにおいて。 検索者の資格にもとづいて予じめ定められた所定の項目
の値又は値の範囲を上記入力条件に付加して検索を行な
うようKしたことを特徴とする情報検索システムにおけ
る機密保護方式。[Scope of Claim] A system for performing information retrieval by giving a specific value or range of values for one or more items as an input condition from among a large number of information groups each consisting of counting items. 1. A security protection system for an information retrieval system, characterized in that a value or range of values of a predetermined item determined in advance based on the qualifications of a searcher is added to the input conditions to perform a search.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP56161271A JPS5862745A (en) | 1981-10-09 | 1981-10-09 | Secret protection system in information retrieval system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP56161271A JPS5862745A (en) | 1981-10-09 | 1981-10-09 | Secret protection system in information retrieval system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| JPS5862745A true JPS5862745A (en) | 1983-04-14 |
| JPH0377536B2 JPH0377536B2 (en) | 1991-12-10 |
Family
ID=15731927
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| JP56161271A Granted JPS5862745A (en) | 1981-10-09 | 1981-10-09 | Secret protection system in information retrieval system |
Country Status (1)
| Country | Link |
|---|---|
| JP (1) | JPS5862745A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPS63146144A (en) * | 1986-12-09 | 1988-06-18 | Sanyo Electric Co Ltd | Information filing device |
| US4901348A (en) * | 1985-12-24 | 1990-02-13 | American Telephone And Telegraph Company | Data transmission security arrangement for a plurality of data stations sharing access to a communication network |
| JPH06253002A (en) * | 1993-02-10 | 1994-09-09 | Internatl Business Mach Corp <Ibm> | Automatic renewing method for telephone response mechanism |
| JP2001331518A (en) * | 2000-05-22 | 2001-11-30 | Instranet Inc | System for publishing, organizing, accessing, and distributing information on computer network |
-
1981
- 1981-10-09 JP JP56161271A patent/JPS5862745A/en active Granted
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4901348A (en) * | 1985-12-24 | 1990-02-13 | American Telephone And Telegraph Company | Data transmission security arrangement for a plurality of data stations sharing access to a communication network |
| JPS63146144A (en) * | 1986-12-09 | 1988-06-18 | Sanyo Electric Co Ltd | Information filing device |
| JPH06253002A (en) * | 1993-02-10 | 1994-09-09 | Internatl Business Mach Corp <Ibm> | Automatic renewing method for telephone response mechanism |
| JP2001331518A (en) * | 2000-05-22 | 2001-11-30 | Instranet Inc | System for publishing, organizing, accessing, and distributing information on computer network |
Also Published As
| Publication number | Publication date |
|---|---|
| JPH0377536B2 (en) | 1991-12-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Gillenson | Fundamentals of database management systems | |
| Masseglia et al. | Sequential pattern mining | |
| Baker | Information retrieval based upon latent class analysis | |
| US8788480B2 (en) | Multiple candidate selection in an entity resolution system | |
| JP3452531B2 (en) | Method and system for data mining | |
| CN108363768A (en) | A kind of document search method, storage medium and server based on Lucene | |
| US3618027A (en) | Associative memory system with reduced redundancy of stored information | |
| CN106156076B (en) | The method and system of data processing | |
| JPS5862745A (en) | Secret protection system in information retrieval system | |
| CN111383072A (en) | User credit scoring method, storage medium and server | |
| FR2052419A5 (en) | ||
| Ayres et al. | Author versus title: A comparative survey of the accuracy of the information which the user brings to the library catalogue | |
| AU2018100566A4 (en) | Decentralized financial intelligence based on decentralized consensus and anonymized transaction history | |
| Gupta et al. | Security measures in data mining | |
| Kircher | Classification and Coding of Accounting Information | |
| Simon | Analysing Transaction Records of Integrated Library Management Systems to establish the Proportion of Bibliographic Records Imported from Foreign Library Catalogues | |
| Culbertson et al. | The Costs of Data Processing in University Libraries-In Book Acquisition and Cataloging; In Serials Handling; In Circulation Activities | |
| JPH02247773A (en) | Business form data base system | |
| Dileep | An Effective Approach for Indexed Data Access based on Linear Search Technique Using Reference Key Algorithm | |
| Davis et al. | A computer‐based procedure for keyword indexing of newspapers | |
| Green et al. | The Australian shipwreck database; an interim report | |
| Bracken | OTIS Basic Index Access System (OBIAS); A System for Retrieval of Information From the ERIC and CIJE Data Bases Utilizing a Direct Access Inverted Index of Descriptors and a Reformatted Direct Access ERIC-CIJE File. | |
| Woods | Industrial new product development: A manual for the 80's: JW Carson and T. Rickards, Gower Press, Farnborough (1979), 166 pp.£ 15.00 (hardback) | |
| Markuson | Handbook of Data Processing for Libraries (Book Review) | |
| JPH0375941A (en) | Data management system for direct read after write type device |