WO2005081114A1 - 情報処理装置および情報処理装置におけるセキュリティ確保方法 - Google Patents

情報処理装置および情報処理装置におけるセキュリティ確保方法 Download PDF

Info

Publication number
WO2005081114A1
WO2005081114A1 PCT/JP2005/001044 JP2005001044W WO2005081114A1 WO 2005081114 A1 WO2005081114 A1 WO 2005081114A1 JP 2005001044 W JP2005001044 W JP 2005001044W WO 2005081114 A1 WO2005081114 A1 WO 2005081114A1
Authority
WO
WIPO (PCT)
Prior art keywords
file
data
user
information
save
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2005/001044
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
Kazutoshi Kichikawa
Yoshihiro Yano
Takayuki Chikada
Fukio Handa
Syouzou Niwata
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dai Nippon Printing Co Ltd
Original Assignee
Dai Nippon Printing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dai Nippon Printing Co Ltd filed Critical Dai Nippon Printing Co Ltd
Priority to US10/588,322 priority Critical patent/US7574440B2/en
Publication of WO2005081114A1 publication Critical patent/WO2005081114A1/ja
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143Clearing memory, e.g. to prevent the data from being stolen
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153Using hardware token as a secondary aspect
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/605Copy protection
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99931Database or file accessing
    • Y10S707/99932Access augmentation or optimizing
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99931Database or file accessing
    • Y10S707/99938Concurrency, e.g. lock management in shared database
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99931Database or file accessing
    • Y10S707/99939Privileged access

Definitions

  • the present invention relates to an information processing apparatus and a security securing method in the information processing apparatus, and particularly to a technique for securing security of data created by individual users when one information processing apparatus is shared by a plurality of users.
  • OS operation systems for information processing devices such as personal computers
  • ⁇ S such as UN IX, Windows XP (registered trademark), and Mac OSX (registered trademark)
  • individual users are required to log on at the beginning of using the system.
  • the basic usage pattern is to perform a log-off procedure (called a log-out procedure in some cases) at the end of use.
  • an object of the present invention is to provide a method capable of ensuring more sufficient security for data created by individual users when the same information processing device is shared by a plurality of users. Disclosure of the invention
  • a first aspect of the present invention provides an information processing device
  • a data storage unit for storing a data file
  • the user management unit that refuses logon procedures by other users until the logon procedure is performed for the user, and data storage based on the operation of the logged-on user
  • a restoration processing unit for executing processing After the above specified user has executed the logon procedure, by referring to the management information as necessary, the file to be saved, which has been saved to an external storage device, is copied and restored in the temporary storage.
  • a restoration processing unit for executing processing
  • the restoration processing unit restores a hierarchical structure at the time of saving the data file; Specific data selected from within the hierarchical structure restored by This restoration processing for restoring an overnight file, and is executed.
  • a third aspect of the present invention provides the information processing apparatus according to the first or second aspect, wherein
  • the save processing section recognizes a data file stored in a predetermined save target folder as a save target file.
  • the evacuation processing unit recognizes a temporary file having a predetermined extension added to the file name as an evacuation target file.
  • the management information is stored in a removable portable information recording medium
  • the restoration processing unit refers to the management information stored in the portable information recording medium when executing the restoration processing.
  • address information of an external storage device to which the file to be saved is saved is used.
  • the seventh aspect of the present invention is the information processing apparatus according to the first to sixth aspects, wherein:
  • the evacuation processing unit When executing the evacuation processing, divides the evacuation target file into a plurality of divided files based on a predetermined division method, and saves each of the divided files to a plurality of different storage devices. Executing the management information including information indicating the predetermined division method,
  • the restoration processing unit performs restoration based on the information indicating the division method included in the management information.
  • the file to be saved is restored.
  • An eighth aspect of the present invention is based on the information processing device according to the first to seventh aspects,
  • the evacuation processing unit executes a process of encrypting the evacuation target file based on a predetermined encryption method and then evacuating the file to an external storage device, and executes the predetermined encryption method.
  • Create management information that includes the information
  • the restoration processing unit performs a decryption process based on the information indicating the encryption method included in the management information, and restores the file to be saved.
  • the evacuation processing unit executes the deletion processing
  • the evacuation processing unit also performs processing to delete the evacuation target file expanded in the memory.
  • a tenth aspect of the present invention provides a computer program for causing a computer to function as the information processing device according to the first to ninth aspects, and records the program on a computer-readable recording medium. It can be distributed by hand.
  • a data storage unit for storing data files
  • a program execution unit executes a predetermined application program based on the user's operation during the process of executing a process of creating a new data file in the memory or updating an existing data file expanded in the memory.
  • the file to be saved which has been saved to an external storage device, is copied and restored in the temporary storage. And a restoring processing step of executing the processing.
  • the 12th mode of the present invention is the method for securing security in the information processing apparatus according to the above 1st mode
  • the restoration processing step includes a preliminary restoration step of restoring the hierarchical structure at the time of saving the data file, a main restoration step of restoring a specific data file selected from the hierarchical structure restored by the preliminary restoration step. It consists of and. (13)
  • a computer program for causing a computer to execute a save processing step and a restoration processing step in the security securing method according to the first or the second aspect is provided.
  • the program is recorded on a computer-readable recording medium and can be distributed.
  • the file to be saved requiring security is saved to an external storage device, and is saved from the data storage unit. Is deleted, and the file to be saved does not remain in the information processing device. Therefore, even if the information processing device is shared by multiple users, sufficient security can be ensured.
  • FIG. 1 is a block diagram illustrating an operation state of the information processing apparatus 100 according to an embodiment of the present invention.
  • FIG. 2 is a diagram showing an example of a window display showing a hierarchical structure of a data file stored in the data storage unit 110 in the information processing apparatus 100 shown in FIG.
  • FIG. 3 relates to the information processing apparatus 100 shown in FIG. 1.
  • FIG. 3 (a) shows the state of the data storage unit 110 before the save processing
  • FIG. 3 (b) shows the state after the save processing.
  • FIG. 3 is a diagram showing a state of a data storage unit 110 and an external storage device 300.
  • FIG. 4 is a diagram showing the concept of a two-stage restoration processing function by the restoration processing section 170 of the information processing apparatus 100 shown in FIG.
  • FIG. 5 is a diagram illustrating the concept of the division process for the save target file.
  • FIG. 6 is a block diagram showing a modified example in which three different storage devices are connected to the network 200 in order to perform a division process on a file to be saved.
  • FIG. 1 is a block diagram illustrating an operation state of the information processing apparatus 100 according to an embodiment of the present invention.
  • the information processing device 100 includes a data storage unit 110, a development storage unit 120, a memory 130, a user management unit 140, a program execution unit 150, and an evacuation processing unit. It consists of 160 and a restoration processing unit 170.
  • the data storage unit 110, the development storage unit 120, the memory 130, the user management unit 140, and the program execution unit 150 include conventional general information.
  • the components included in the processing device 100, and the save processing unit 160 and the restoration processing unit 170 are components unique to the present invention.
  • the information processing device 100 is a device configured by a so-called computer.
  • the data storage unit 110 is a component for storing data files.
  • the data storage unit 110 can be constituted by a magneto-optical disk device or a rewritable optical disk device (such as a CD-RAM device).
  • the memory 130 is a component for expanding the data file stored in the data storage unit 110 as needed, and is usually constituted by a RAM.
  • the data storage unit 110 functions as a storage location for data files, while the memory 130 functions as a work location for data files.
  • the decompression storage unit 120 is a file decompression process that decompresses a predetermined data file stored in the data storage unit 110 into the memory 130 as necessary, and is decompressed into the memory 130.
  • the development storage unit 120 is realized as a part of the function of the OS program.
  • FIG. 1 shows a state in which the operation of opening the file F2 of the three data files F1 to F3 stored in the data storage unit 110 is performed.
  • the data file F 2 stored in the data storage unit 110 is expanded on the memory 130.
  • the program execution unit 150 has a function of executing a predetermined application program and executing an update process on an existing data file developed on the memory 130.
  • the program execution unit 150 executes a predetermined update process on the data file F2 developed on the memory 130.
  • the content of the update processing applied to the data file F2 varies depending on the type of the application program and the operation performed by the user.
  • the program execution unit 150 is constituted by means for storing a predetermined application program and arithmetic processing means for executing the program.
  • the memory 130 is a component that functions as a work place for a data file, and plays only a role of temporarily holding a data file to be worked on by an application program. Therefore, the data file for which a predetermined operation has been completed on the memory 130 is stored again in the data storage unit 110. This is usually done by an application program. This is executed as a process for saving a data file to be worked. In this case, if you save with the same file name as the original file name, so-called overwrite saving is performed, and if you save with a different file name, it is saved as a new data file.
  • the program execution unit 150 also has a function of executing a process of creating a new data file on the memory 130 by executing a predetermined application program. This function is usually performed as the creation of a new file by the application program.
  • the data file newly created on the memory 130 is finally stored in the data storage unit 110 by a storage process.
  • the data expansion processing by the expansion storage unit 120 ⁇ data overnight storage processing and the execution processing of the predetermined application program by the program execution unit 150 are both input by the user to the information processing apparatus 100. This is performed based on the operation, but in the case of the information processing apparatus 100 that is assumed to be shared by multiple users, each user starts work on the information processing apparatus 100 by performing a predetermined logon procedure. Then, by performing a predetermined logoff procedure, the work on the information processing apparatus 100 is completed.
  • logon means that a predetermined user enters a predetermined account (user name) and a predetermined password as necessary to secure a use state for the information processing apparatus 100.
  • Logoff means terminating the usage status of the currently logged-on user.
  • login may be used in place of “logon”, and the term “logout” may be used in place of “logoff”, but both terms are synonymous in this specification.
  • some OSs can perform a shutdown operation (operation to terminate the OS function and turn off the power) without performing a logoff procedure, but the logoff procedure referred to in this specification is as follows. It also includes a procedure for terminating the usage status by performing a simple shutdown operation.
  • the user management unit 140 keeps the logon procedure until the logoff procedure for the user is performed so that multiple logons are not performed by multiple users. This is a component that performs user management to reject logon procedures by other users.
  • a recent OS for personal computers has the function of the user management unit 140 as a standard part of the OS program function.
  • the user management unit 140 has a function of not only performing user management so that duplicate logons are not performed, but also managing access rights to the currently logged-on user. Have.
  • the user management unit 140 has a function of registering access rights for a plurality of users in advance, recognizes who is currently logged on, and stores the expanded storage unit 12.
  • a supervising process is performed on 0 and the program execution unit 150 to permit only processing operations within the access right of the user. For example, if a user who does not have any read / write authority to a data file created by another user is logged on, the expansion storage unit that attempts to expand the data file created by another user 1 2 0 Is not permitted by the user management unit 140.
  • the functions of the data storage unit 110 to the program execution unit 150 among the components of the information processing device 100 have been described above.
  • the information processing apparatus 100 having these five components is a standard function of a recent personal computer OS, and the information processing apparatus 100 having these five components is a recent OS (for example, Windows XP (registered trademark), Mac OSX ( Registered trademark), UN IX, etc.).
  • the operating system is designed to be shared by multiple users, and as described above, a logon procedure with a predetermined user name is basically required for the user who starts using the system. Access will be granted to individual data files within the scope of the access rights required and set under the user name.
  • An object of the present invention is to secure more sufficient security for data created by individual users when the same information processing device 100 is shared by multiple users. . Therefore, in the information processing apparatus 100 according to the present invention, constituent elements unique to the present invention, that is, a save processing section 160 and a restoration processing section 170 are added. Further, in practicing the present invention, the information processing apparatus 100 is connected to a network 200, and an external device connected to the network 200 is connected to the network 200. An environment that can use the storage device 300 is required.
  • the information processing device 100 such as a personal computer by connecting it to the network 200. Therefore, many information processing devices 100 already have the network 200.
  • the connection environment to is established.
  • a private network such as an in-house LAN may be used, or an internet may be used.
  • the external storage device 300 any device can be used as long as it is a storage device that can be accessed via the network 200.
  • a server device such as a data server or a backup server as the external storage device 300.
  • the present invention can be implemented using the existing environment as it is.
  • the portable information recording medium 400 is used as this storage location.
  • an IC card is used as the portable information recording medium 400.
  • a dedicated reader / writer device is usually required.
  • the reader / writer device is connected to a personal computer used as the information processing device 100, and the reader / writer device is connected to the personal computer.
  • the IC card is a detachable portable information recording medium 400, which can be removed from the reader / writer device and carried at any time.
  • the components newly provided inside the information processing apparatus 100 for implementing the present invention are the save processing unit 160 and the restoration processing unit 170.
  • the basic concept of the present invention is that when a specific user performs a logoff procedure, The user may save the data file stored in the data storage unit 110 to the external storage device 300 and delete the data file in the data storage unit 110.
  • the evacuation processing unit 160 is a component that executes the evacuation processing. As a result of the saving process, the data file created by the user is deleted from the information processing device 100 and disappears, and another user logs on to the same information processing device 100 later. In this case, sufficient security can be ensured.
  • the restoration processing unit 170 is a component that performs this restoration processing.
  • the function of the save processing unit 160 and the function of the restoration processing unit 170 will be described in detail.
  • the evacuation processing section 160 has five processing functions as shown in FIG. Both processes will be executed when the currently logged on user performs the logoff procedure. As described above, the user log-on procedure and the log-off procedure are processed by the user management unit 140. When the currently logged-on user executes the log-off procedure, the user management unit 140 reports the fact to the evacuation processing unit 160 and prompts the execution of these five processing functions.
  • the evacuation target recognition processing executed first by the evacuation processing unit 160 is performed when the specific user executes the log-off procedure. This is a process of recognizing all or a predetermined part of the data file created or updated based on the work of the specific user as a save target file.
  • the currently logged-on user is referred to as “user A”, and three data files F l, F 2, and F 3 are created based on the user A's logged-on work. Let's say it was created or updated. In this case, as shown, three data files F 1, F 2, and F 3 are stored in the data storage unit 110.
  • the save processing unit 160 is a save process for saving the file to be saved by copying the file to the external storage device 300 via the network 200.
  • all three data files F1, F2, and F3 stored in the data storage unit 110 are recognized as files to be saved. All of the evening files F 1, F 2, and F 3 are copied to the external storage device 300 via the network 200.
  • the copying process itself is equivalent to a backup process.
  • the third process executed by the save processing unit 160 is a deletion process for deleting the save target file stored in the data storage unit 110. The point that this deletion process is involved is different from the general backup process.
  • the files F l, F 2, and F 3 to be saved are copied to the external storage device 300 by the above-described save process.
  • the original save target files F1, F2, and F3 in 110 are deleted, and as a result, the save process described above has no meaning as a backup.
  • any method may be adopted.
  • the latter method has higher security than the former method.
  • the former method is lighter than the latter method in terms of the burden of deletion processing.
  • the fourth process executed by the save processing unit 160 is to copy and restore the save target file saved in the external storage device 300 in the data storage unit 110 in the future.
  • This is management information creation processing for creating management information necessary for the management.
  • the management information created here is in any form as long as the information can be restored by copying the file to be backed up in the external storage device 300 into the data storage unit 110.
  • it is sufficient to use the address information of the external storage device 300 as the save destination of the save target file as the management information. For example, if an Internet is used as the network 200 and a data server connected to the Internet is used as the external storage device 300, the URL address of the file to be saved on this data server is used as the management information. It should be used.
  • the evacuation process copies the evacuation target files F 1, F 2, and F 3 to predetermined evacuation locations in the external storage device 300.
  • a URL address may be created as management information.
  • the management information include information indicating that the management information is created by the user A's logoff procedure.
  • the fifth process executed by the evacuation processing unit 160 is a management information saving process of saving the created management information in an external storage location.
  • a portable information recording medium 400 (specifically, an IC card) is prepared as an external storage location for storing management information. Therefore, the management information is stored in the portable information recording medium 400.
  • the user A who has completed the log-off procedure removes the portable information recording medium 400 from the information processing apparatus 100 and carries it. Specifically, an operation of ejecting an IC card as the portable information recording medium 400 from the reader / writer connected to the personal computer as the information processing apparatus 100 is performed. With the above processing, the log-off procedure of User A is completed.
  • the data file itself is completely deleted by overwriting the actual data recording area in the data storage unit 110 with another data. It is preferable to adopt a method of performing When the user logs off, even if the data remains expanded in the memory 130, the application program that has performed the work on the data is usually terminated. At that point, it is difficult to access the data in the usual manner, so it is difficult for another user who later logs on to access the data file remaining in the memory 130. However, if it is necessary to ensure a higher level of security, the evacuation processor 160 executes a memo when executing the deletion process for the evacuation target file in the data storage 110.
  • the deletion process for the data file F2 developed on the memory 130 is also performed. Specifically, the work of overwriting random data in the RAM area constituting the memory 130 may be performed.
  • the second user B performs the logoff procedure, the same procedure is used.
  • the order is executed. That is, the save target file created in the data storage unit 110 by the work of the user B is stored in a predetermined address location in the external storage device 300 by the save processing unit 160. After being copied, the original file in the data storage unit 110 will be deleted. At this time, management information necessary for restoration is created, but this management information is stored in the portable information recording medium 400 (IC card) for the user.
  • IC card portable information recording medium
  • each user sharing the information processing device 100 has its own portable information recording medium 400 (IC card).
  • the portable information recording medium 400 Before carrying out the logon procedure for 100, the portable information recording medium 400 must be connected to the information processing apparatus 100 (with the IC card inserted into the reader / writer), and the logoff procedure is completed. In this case, the portable information recording medium 400 is removed from the information processing device 100 (the IC card is ejected from the reader / writer device).
  • the data file that the specific user worked on while logged on can be deleted from within the information processing apparatus 100 by the logoff procedure of the specific user. Even if 100 is shared by multiple users, it is possible for a user with any access to access files that another user has worked on: ⁇ . For this reason, it is possible to ensure sufficient security for data created by individual users.
  • the saved data file Must be restored to the data storage unit 110.
  • the restoration processing unit 170 refers to the management information in the portable information recording medium 400 after the specific user executes the logon procedure, and saves the data to the external storage device 300.
  • a restoration process is performed to copy the saved file to be saved into the data storage unit 110 and restore it.
  • each user has his or her own portable information recording medium 400 (IC card), and before performing the logon procedure for the information processing apparatus 100. Then, the portable information recording medium 400 is connected to the information processing apparatus 100.
  • the user management unit 140 reports the fact to the restoration processing unit 170 and prompts the restoration processing unit 170 to execute the restoration process.
  • the restoration processing section 170 refers to the management information in the portable information recording medium 400 (the IC card inserted by the user A), and thereby, the backup target files F 1 and F 1, which were saved at the previous logoff. It recognizes the evacuation location addresses of F 2 and F 3 (predetermined addresses in the external storage device 300) and executes a process of copying and restoring these files into the data storage unit 110.
  • the data files F1, F2, and F3 are again stored in the data storage unit 110, so that the user can use these data files as necessary.
  • the update process by the program execution unit 150 can be executed.
  • the data files Fl, F2, and F3 are evacuated to the external storage device 300 again, and deleted from the data storage portion 110. Will be.
  • the evacuation processing by the evacuation processing unit 160 requires the user to perform a logoff procedure. It is preferable that the restoration processing section 170 performs the restoration processing automatically when the user performs a logon procedure. Then, the saving process and the restoring process are performed without any user's awareness, and the operation of the saving process unit 160 and the restoring process unit 170, which is a feature of the present invention, is not related to the user's It means that it does not work behind the scenes.
  • the feature of the present invention lies in that an evacuation processing unit 160 and a restoration processing unit 170 are added to an existing information processing apparatus such as a personal computer, but at least from the viewpoint of a general user, the present invention is applicable. The operability of the personal computer is not different from that of the existing personal computer.
  • the data file to be restored in the external storage device 300 may be deleted or may be left as it is. It doesn't matter.
  • the data file restored by the restoration processing unit 170 is deleted from the external storage device 300.
  • the data file in the external storage device 300 is left as it is, and the next time the data file with the same file name is saved again. At the time of this, it is also possible to adopt a method of copying only the difference data from the previous time.
  • the data file stored in the data storage unit 110 is created based on the specific user A's work.
  • the entire updated data file is recognized as the file to be saved.
  • a predetermined part of the updated data file may be selected instead of the entire file to be recognized as the file to be saved. This is, Normally, not all data files need to be equally secure.
  • a criterion for selecting the file as the save target file may be determined in advance. For example, a predetermined folder is set in advance as a save target folder, and when the save processing unit 160 performs the save target recognition process, the data file stored in the save target folder is set as the save target file. You only need to recognize it.
  • FIG. 2 is a diagram showing an example of a window display showing a hierarchical structure of the data files stored in the data storage unit 110.
  • the window W1 on the left shows an overall view of the hierarchical structure in the data storage unit 110
  • the window W2 on the right shows a window selected on the window W1 on the left.
  • the contents of a specific folder B (in the figure, the selected state is indicated by hatching) are shown.
  • the entire data storage unit 110 is indicated by a volume “C”, and three folders A, B, and C are created immediately below the volume.
  • the folder A stores the file F0
  • the folder B stores the files F1, F2, and F3
  • the folder C stores the files F4 and F5.
  • file F 0 stored in folder A is a data file used in connection with ⁇ S, and there is no security problem even if another user accesses it.
  • the files F4 and F5 stored in the folder C are data files created by the user A using a predetermined application program, but these files also have no security problems due to their nature. Let's take things. In this case, only files F 1, F 2, and F 3 stored in folder B cause problems on security.
  • FIG. 3A shows the state of the data storage unit 110 before the save processing
  • FIG. 3B shows the state of the data storage unit 110 and the external storage device 300 after the save processing. Is shown.
  • the folder B in the data storage unit 110 is copied to the external storage device 300 as it is by the evacuation process, and is deleted from the data storage unit 110.
  • only folders A and C remain in the storage unit 110.
  • the files F0, F4, and F5 in folders A and C may be accessed by other users, but as described above, these files are files that have no security problems. You.
  • the process of saving a file to the external storage device 300 via the network 200 imposes a certain work load on the information processing device 100. Restoration performed later imposes a similar workload. Therefore, in practice, it is preferable to distinguish between files that require security and those that do not, and treat only the former file as a save target file. It is convenient to adopt a method in which a predetermined folder is determined in advance as a save target folder as in the above-described example, since the save target file can be selected by the user's own judgment. In the case of the above example, the user only needs to put files requiring security in folder B and put the other files in folder C to distinguish them.
  • the method of selecting the files to be saved is not limited to the method of defining the folders to be saved.
  • individual files The format of the file is added to the file name of the aisle, and an extension is added to specify the application program that created the file. For example, "txt" in the file name "ABC.txt;" is an extension indicating that the file is a simple text file.
  • the save processing unit 160 can automatically select a file to be saved based on the condition setting.
  • the restoration process does not necessarily need to be executed for all the files to be saved, but may be executed as needed.
  • the files F1, F2, and F3 to be saved stored in the folder B are moved to the external storage device 300 together with the folder B. Let's consider the case.
  • the restoration processing section 170 may be provided with a two-stage restoration processing function.
  • the first-stage restoration function is a preliminary restoration process that restores the hierarchical structure when the data file was saved
  • the second-stage restoration function is selected from within the hierarchical structure restored by the preliminary restoration process. This is the main restoration process for actually restoring the specified data file.
  • FIG. 4 is a diagram for explaining the concept of the two-stage restoration processing function.
  • the first-stage preliminary restoration only the hierarchical structure of the data file when it was saved is restored. That is, as shown in FIG. 4 (a), only the hierarchical structure of the folder B to be saved is restored.
  • the folder file in which only the hierarchical structure has been restored is indicated by a dashed block.
  • the actual data of the files F1, F2, and F3 has not been restored.
  • the files F1, F2 , F3 is stored in the folder structure (the folder structure and the file name are also included in the hierarchy).
  • the user can be presented with the file list as shown in FIG. 2 for the time being, and the data is stored. It is possible to make it appear as if the file structure stored in the section 110 is equivalent to the state immediately before the last logoff.
  • the user can confirm the state in which three folders A, B, and C are stored in the data storage unit 110 by looking at the display of the file list as shown in FIG. In the folder B, it is possible to confirm that the files Fl, F2, and F3 are stored.
  • the file list display as shown in FIG. 2 cannot be performed by the standard function of the OS provided in the information processing apparatus 100 such as a personal computer. That is, the files in the folder B are not actually restored in the data storage unit 110, and only the data indicating the hierarchical structure is written in a predetermined format. Therefore, a special application program that interprets the predetermined format and displays the hierarchical structure as a file list on a window as shown in FIG. 2 is required. Therefore, the restoration processing section 170 is a component including such a dedicated application program. Now, let's say that the user gives an instruction to expand the file F2 on the memory 130 by, for example, double-clicking the icon of the file F2 on the window W2 shown in FIG.
  • FIG. 4A since the entity of the file F2 does not yet exist in the data storage unit 110, a process of immediately expanding the file F2 on the memory 130 is performed. It is not possible. Instead, the restoration processing unit 170 executes the main restoration processing on the file F2. That is, referring to the management information in the portable information recording medium 400, the evacuation location address of the file F2 is recognized, and the actual data file of the file F2 is actually stored in the data storage unit 110. Is performed.
  • FIG. 4B is a diagram showing a state in the data storage unit 110 after the execution of the main restoration processing.
  • the entity of the file F 2 indicated by the solid line is restored in the data storage unit 110.
  • This can be expanded on the memory 130.
  • the user simply opened the desired file F2 with a predetermined application program, and the fact that the above-described restoration processing was performed is not a matter to which the user is conscious. .
  • the operability seen by the user is almost the same as the operability of a conventional general personal computer.
  • the save processing unit 160 recognizes the data file F 2 existing in the data storage unit 110 as a save target file, and the save process is executed. You. Then, of the management information in the portable information recording medium 400, the save location address of the data file F2 Will be rewritten.
  • this restoration processing will be executed only for the data file F2 that actually needed to be restored, and at the time of logoff, the evacuation processing will be performed only for the data file F2. Therefore, more efficient operation is possible compared to the method of restoring all data files at once and evacuating them at once.
  • the evacuation process according to the present invention since no evacuation target file remains in the information processing apparatus 100, sufficient security is ensured as far as the information processing apparatus 100 is concerned.
  • the file to be saved is stored in the external storage device 300, security may be broken by accessing the external storage device 300.
  • the Internet is used as the network 200, the external storage device 300 can be configured by an arbitrary storage device connected to the Internet, so that a specific file to be saved is It is practically impossible to know the evacuation location of the mobile phone unless the management information in the portable information recording medium 400 is referred to. Therefore, if each user manages the portable information recording medium 400 possessed by each user, there is a low risk that the save location of the save target file is leaked outside. In particular, if an IC card is used as the portable information recording medium 400, there is a very low possibility that the management information stored inside is read out to the outside by unauthorized means.
  • the external storage device 300 since the external storage device 300 is in an environment connected to the Internet, it may be subject to a direct attack by someone, and the file to be evacuated is read out by unauthorized means as it is. there is a possibility. In order to deal with such a problem, it is preferable to perform a division process or an encryption process on the file to be saved. In the following, such countermeasures are based on specific examples. Will be explained. '
  • FIG. 5 is a diagram illustrating the concept of the division process for the save target file.
  • division processing is performed on the file F2 that has been saved.
  • the saving processing unit 160 divides the file F2 into three parts. The process of dividing into files F 2 a, F 2 b, and F 2 c is performed. Then, the three divided files F 2 a, F 2 b, and F 2 c are evacuated to different external storage devices via the network 200.
  • FIG. 6 shows a modified example in which three different storage devices are connected to the network 200 in order to save the three divided files F 2 a, F 2 b, and F 2 c to different storage devices. It is a block diagram. The difference between the basic embodiment shown in FIG. 1 and the modified example shown in FIG. 6 is that, in the latter, the first storage device 310, the second storage device 320, The storage device 330 is prepared, the evacuation processing unit 160 performs the division process, and the restoration processing unit 170 combines the divided files and performs the restoration process.
  • the evacuation processing unit 160 executes five processes. That is, in the case of this example, first, the data file F2 in the data storage unit 110 is recognized as a file to be saved by the save object recognition processing. Subsequently, an evacuation process is performed. At this time, the data file F 2 is divided, and the data file F 2 is divided into a plurality of divided files. After being divided into files, they are copied to an external storage device. Specifically, in the example shown in FIG. 5, the file F2 is divided into three divided files F2a, F2b, and F2c, and the first storage device 310 and the second storage device The device 320 is copied to the third storage device 330.
  • a deletion process for deleting the data file F2 in the data storage unit 110 is performed. Then, a management information creation process is performed, and a management information storage process of saving the created management information in the portable information recording medium 400 is performed. In the case of this modification, there are two points to keep in mind about the management information created for the data file F2.
  • the first point is that, as the address indicating the save location of the file F2, the addresses of the three save locations of the individual divided files F2a, F2b, and F2c are used as the management information. It is a point to be included. Specifically, a URL address indicating the storage location of the divided file F 2 a in the first storage device 310 and a URL indicating the storage location of the divided file F 2 b in the second storage device 320 The address and the URL address indicating the storage location of the divided file F 2 c in the third storage device 330 are prepared as management information.
  • the management information according to the present invention is information necessary for copying a file to be saved saved in an external storage device into the data storage unit 110 and restoring the same, so that the file F2 to be saved is 3 If the file is divided into two and saved in different locations, it is natural to prepare the save location address of each divided file as management information.
  • the second point is that information indicating the method of the division process performed on the save target file F2 is included in the management information.
  • the dividing process shown in FIG. 5 is performed by dividing the file F2 to be saved into three equal parts, and dividing them in order from the top into divided files F2a, F2b, and F2c. Therefore, information indicating the division method is included in the management information. Then, when the restoration processing is performed by the restoration processing unit 170 later, the dividing method in the management information is indicated.
  • the original data file F2 can be restored by synthesizing the divided files F2a, F2b, and F2c.
  • the save processing unit 160 divides the save target file into a plurality of divided files based on a predetermined division method when executing the save processing, and A process for evacuating the divided files to a plurality of different storage devices is performed, and management information including information indicating the performed division method is created.
  • the restoration processing unit 170 is included in the management information. The file to be evacuated may be restored based on the information indicating the division method used.
  • the advantage of this modification is that the file to be saved to the external storage device is stored as a plurality of divided files, not in its original form.
  • the data file F 2 is divided into three divided files F 2a, F 2b, and F 2c, and is distributed and stored in three places Therefore, even if one of the divided files is accessed by an unauthorized means, the original data file F2 itself can be prevented from being immediately exposed.
  • a more complicated division method may be adopted. For example, in the example shown in Fig.
  • the division file F2a, F2b, F2c If everything is obtained by unauthorized means, it is possible to restore the original file F2 by combining them in this order.
  • the original file F2 has a 3-byte cycle of 1, 4, 7, 10, ..., etc. bytes from the beginning of the byte sequence.
  • the first divided file F2a is created by extracting one byte at a time, and the second file is extracted at intervals of three bytes, such as the second, fifth, eighth, eleven,.
  • Create a third divided file F 2 c by extracting one byte at a 3-byte cycle, such as the third, sixth, ninth, 12th,. If you do not know that such a division method has been performed, even if three divided files F 2 a, F 2 b, and F 2 c are available, the original Restoring file F2 becomes difficult.
  • the principle of such a division method is infinite, and even if the division method is based on the same principle, the division method is substantially different by changing various parameter values. Therefore, if a plurality of division methods are defined in advance in the evacuation processing unit 160 and the parameters are set at random, one of the virtually infinite division methods can be obtained. Can be selected, so that each file to be saved can be saved by applying different division methods.
  • FIG. 6 shows an example in which three storage devices 310, 320, and 330 are used as external storage devices.
  • these external storage devices can be theoretically installed indefinitely. Therefore, even if each of these external storage devices could be accessed by unauthorized means, the specific file to be evacuated would be divided into any number of ways and how many files would be created as a result.
  • Management information (which is stored only in the portable information recording medium 400 possessed by the user) indicating which divided file is stored in which storage device and at which address is stored. Unless it is possible, it is impossible for a third party to restore the file to be evacuated.
  • An effective means for ensuring security as well as such division processing is encryption processing. That is, when executing the evacuation processing, the evacuation processing unit 160 performs a process of encrypting the evacuation target file based on a predetermined encryption method and then evacuating the file to an external storage device.
  • the management information including information indicating the method is created, and when the restoration processing unit 170 restores the file to be evacuated, based on the information indicating the encryption method included in the management information,
  • the decoding process may be performed. For example, if the data file F2 is to be saved, the data file F2 is subjected to a predetermined encryption process to generate an encrypted file FF2, and the encrypted file FF2 is stored in an external storage. What is necessary is just to copy and store it in a device.
  • segmentation and encryption it is also possible to combine segmentation and encryption to ensure higher security. For example, it is possible to divide the file to be saved to generate multiple divided files, encrypt each of the divided files, and then save them to an external storage device. On the contrary, it is also possible to encrypt the file to be backed up, divide this encrypted file to generate multiple divided files, and back them up to an external storage device. It is.
  • Management information plays an important role in practicing the present invention. That is, the management information is information necessary for restoring the save target file saved in the external storage device, and is essential information for the restoration processing by the restoration processing unit 170. On the other hand, if this management information is obtained by another user, it will be possible for the other user to restore the file to be evacuated. From the viewpoint of ensuring security, this management information is However, it is necessary to save the information in an external storage location, not inside the information processing apparatus 100. Therefore, in the above-described embodiments, the portable information recording medium 400 that is detachably attached to the information processing apparatus 100 is used as the storage location of the management information, and the evacuation processing unit 160 manages the information.
  • the portable information recording medium 400 When the information is stored, the portable information recording medium 400 is set as a storage location, and when the restoration processing unit 170 performs the restoration processing, the information is stored in the portable information recording medium 400.
  • the restoration is performed by referring to the management information that is stored.
  • an operation is performed in which an IC card is used as the portable information recording medium 400. Specifically, a unique IC card is issued for each user in advance, and when performing the login procedure, this IC card must be inserted into the reader / writer device, and the logoff procedure must be performed. After the operation, the operation is performed such that the IC card is always ejected from the reader / writer device and carried. .
  • the management information does not necessarily need to be stored in a portable information recording medium 400 such as an IC card.
  • a portable information recording medium 400 such as an IC card.
  • management information is stored in an external server connected via the network 200, and the URL address of the storage destination is notified only to authorized users. It is also possible to adopt operation. In this case, the user may perform an operation of inputting the URL address during the logon procedure.
  • the restoration processing unit 170 can perform a necessary file restoration process by referring to the management information existing at the input URL address.
  • a typical device that functions as the information processing device 100 shown in FIG. 1 is a personal computer.
  • data storage unit 110 data storage unit 110, development storage unit 120, memory 130, user management
  • the functions realized by the components of the unit 140 and the program execution unit 150 are the functions that are standard in common PCs (computers with a predetermined OS built in) that are currently on the market. is there. Therefore, in order to use such a commercially available personal computer as the information processing apparatus 100 according to the present invention, the functions of the evacuation processing unit 160 and the restoration processing unit 170 are added to this personal computer.
  • a storage location for management information such as a portable information recording medium 400 may be prepared.
  • the functions of the evacuation processing unit 160 and the restoration processing unit 170 can be realized by a program, after all, in practical use, the evacuation processing unit 160 and the restoration processing can be implemented on a commercially available general-purpose personal computer.
  • the data storage unit 110 according to the present invention can be configured by incorporating a dedicated program that functions as the unit 170.
  • the dedicated program can be recorded on a computer-readable recording medium such as a CD-ROM and distributed, or can be distributed online.
  • the information processing apparatus according to the present invention can be realized by incorporating a dedicated program into a general-purpose personal computer, when an information processing apparatus according to the present invention is used in a company or the like, a plurality of information It is anticipated that it will be common to introduce processing devices at the same time and operate them in parallel. In this case, the restoration process for the file to be saved does not necessarily need to be performed by the same information processing apparatus that performed the save process for the file.
  • a personal computer functioning as an information processing device 100 as shown in Fig. 1 was installed at the Tokyo head office and also at the Osaka branch office.
  • User A an employee of the Tokyo head office, logs on to the information processing device 100 (Tokyo) installed at the Tokyo head office, creates data file F2, and logs off. It is assumed that the data file F2 has been saved to the external storage device 300 as a save target file.
  • the data file F 2 is It will be restored in this information processing device 100 (Tokyo).
  • the data file F 2 is stored in the information processing device 100 (Osaka) will be restored.
  • the information relating to the evacuation processing of the data file F2 created by the user A is stored as management information in the portable information recording medium 400 owned by the user A.
  • the data file F2 can be restored using any information processing device.
  • the Internet is used as the network 200
  • the external storage device 300 can be accessed from anywhere in the world. It is also possible to restore the data file F2 by logging on to the information processing device 100 (Newyork), and log on to the information processing device 100 (London) installed at the London office. It will be possible to restore 2.
  • the effect that the data file created by the user can be used from anywhere can be obtained by a secondary effect of the present invention created to achieve the purpose of ensuring security. It should be.
  • the present invention can be widely used when an information processing device such as a personal computer is shared and used by a plurality of users.
  • an information processing device such as a personal computer
  • it is optimal for using data created by individual users in an environment that ensures sufficient security.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
PCT/JP2005/001044 2004-02-23 2005-01-20 情報処理装置および情報処理装置におけるセキュリティ確保方法 Ceased WO2005081114A1 (ja)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/588,322 US7574440B2 (en) 2004-02-23 2005-01-20 Information processing apparatus, and method for retaining security

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004045973A JP4578119B2 (ja) 2004-02-23 2004-02-23 情報処理装置および情報処理装置におけるセキュリティ確保方法
JP2004-45973 2004-02-23

Publications (1)

Publication Number Publication Date
WO2005081114A1 true WO2005081114A1 (ja) 2005-09-01

Family

ID=34879424

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2005/001044 Ceased WO2005081114A1 (ja) 2004-02-23 2005-01-20 情報処理装置および情報処理装置におけるセキュリティ確保方法

Country Status (3)

Country Link
US (1) US7574440B2 (enExample)
JP (1) JP4578119B2 (enExample)
WO (1) WO2005081114A1 (enExample)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8082325B2 (en) 2003-12-24 2011-12-20 Dai Nippon Printing Co., Ltd. Data storing system using network

Families Citing this family (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0365965A (ja) * 1989-08-04 1991-03-20 Ricoh Co Ltd コロナ放電装置
EP1659474A1 (en) * 2004-11-15 2006-05-24 Thomson Licensing Method and USB flash drive for protecting private content stored in the USB flash drive
JP4854239B2 (ja) * 2005-09-09 2012-01-18 キヤノン株式会社 データ分散処理システム及びデータ分散処理方法並びにプログラム
JP2007174062A (ja) * 2005-12-20 2007-07-05 Canon Inc データ通信装置、データ通信システム、データ通信方法、及びそのプログラム
JP2007213405A (ja) * 2006-02-10 2007-08-23 Global Friendship Inc 割符情報の管理方法および管理装置
JP4533334B2 (ja) * 2006-03-27 2010-09-01 キヤノン株式会社 印刷装置及び情報処理装置
JP2007300157A (ja) * 2006-04-27 2007-11-15 Toshiba Corp 秘密分散システム、装置及びプログラム
JP4215080B2 (ja) * 2006-08-09 2009-01-28 コニカミノルタビジネステクノロジーズ株式会社 電子文書管理装置、電子文書管理方法、電子文書管理プログラム、および電子文書を作成するためのプログラム
JP5131630B2 (ja) * 2006-08-11 2013-01-30 富士ゼロックス株式会社 廃棄装置、廃棄システム及び廃棄方法
JP2008250475A (ja) * 2007-03-29 2008-10-16 Brother Ind Ltd 情報処理装置、ネットワークシステム、およびプログラム
JP2008289102A (ja) * 2007-05-21 2008-11-27 Sony Corp 受信装置、記録装置、コンテンツ受信方法及びコンテンツ記録方法
JP4858879B2 (ja) * 2008-02-08 2012-01-18 九州日本電気ソフトウェア株式会社 ファイル処理装置ファイル処理方法、及びファイル処理プログラム
JP5223428B2 (ja) * 2008-04-10 2013-06-26 日本電気株式会社 情報処理システム
JP2010176256A (ja) * 2009-01-28 2010-08-12 Ri Co Ltd バックアッププログラム
JP2010266933A (ja) * 2009-05-12 2010-11-25 Ri Co Ltd ドキュメント管理プログラム、ドキュメント管理システム及びドキュメント管理方法
JP5511270B2 (ja) * 2009-09-02 2014-06-04 キヤノン株式会社 情報処理装置、及び情報処理方法
JP2012038121A (ja) * 2010-08-09 2012-02-23 Canon Inc 情報処理装置、情報処理装置の制御方法、プログラム
US8549350B1 (en) 2010-09-30 2013-10-01 Emc Corporation Multi-tier recovery
US8943356B1 (en) 2010-09-30 2015-01-27 Emc Corporation Post backup catalogs
US8949661B1 (en) 2010-09-30 2015-02-03 Emc Corporation Federation of indices
US8504870B2 (en) 2010-09-30 2013-08-06 Emc Corporation Optimized recovery
US8484505B1 (en) 2010-09-30 2013-07-09 Emc Corporation Self recovery
US9195549B1 (en) * 2010-09-30 2015-11-24 Emc Corporation Unified recovery
US8713364B1 (en) 2010-09-30 2014-04-29 Emc Corporation Unified recovery
US20120102564A1 (en) * 2010-10-25 2012-04-26 Openpeak Inc. Creating distinct user spaces through mountable file systems
US8650658B2 (en) 2010-10-25 2014-02-11 Openpeak Inc. Creating distinct user spaces through user identifiers
JP5772009B2 (ja) * 2011-01-26 2015-09-02 株式会社リコー 画像処理装置、機能利用制御方法、機能利用制御プログラム、及びそのプログラムを記録した記録媒体
US8982066B2 (en) * 2012-03-05 2015-03-17 Ricoh Co., Ltd. Automatic ending of interactive whiteboard sessions
JP2013250896A (ja) * 2012-06-01 2013-12-12 Sharp Corp 通信端末、通信方法、通信制御プログラムおよびコンピュータ読み取り可能な記録場体
JP6079875B2 (ja) * 2013-05-27 2017-02-15 富士通株式会社 アプリケーション実行プログラム,アプリケーション実行方法及びアプリケーションを実行する情報処理端末装置
JP5898712B2 (ja) * 2014-02-13 2016-04-06 キヤノン株式会社 画像形成装置及びその制御方法
JP6451080B2 (ja) * 2014-05-15 2019-01-16 富士ゼロックス株式会社 情報管理システム、情報処理装置およびプログラム
KR102341162B1 (ko) 2015-08-12 2021-12-21 삼성전자주식회사 전자 장치 및 전자 장치의 공동 사용을 위한 방법
JP6572704B2 (ja) * 2015-09-24 2019-09-11 富士ゼロックス株式会社 情報処理装置、情報処理システム及びプログラム

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06309214A (ja) * 1993-04-21 1994-11-04 Toshiba Corp データベースシステム
JPH06332781A (ja) * 1993-05-26 1994-12-02 Nec Corp ファイル管理方法
WO2001046808A1 (en) * 1999-12-20 2001-06-28 Dai Nippon Printing Co., Ltd. Distributed data archive device and system
JP2003101739A (ja) * 2001-09-19 2003-04-04 Ricoh Co Ltd 画像処理装置
JP2004038519A (ja) * 2002-07-03 2004-02-05 Hitachi Ltd プログラム管理方法

Family Cites Families (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3034873B2 (ja) * 1988-07-01 2000-04-17 株式会社日立製作所 情報処理装置
US5771354A (en) * 1993-11-04 1998-06-23 Crawford; Christopher M. Internet online backup system provides remote storage for customers using IDs and passwords which were interactively established when signing up for backup services
US7095854B1 (en) * 1995-02-13 2006-08-22 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
EP1515216B1 (en) * 1995-02-13 2014-09-24 Intertrust Technologies Corporation Systems and methods for secure transaction management and electronic rights protection
US7069451B1 (en) * 1995-02-13 2006-06-27 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5813009A (en) * 1995-07-28 1998-09-22 Univirtual Corp. Computer based records management system method
US5774551A (en) * 1995-08-07 1998-06-30 Sun Microsystems, Inc. Pluggable account management interface with unified login and logout and multiple user authentication services
US6088693A (en) * 1996-12-06 2000-07-11 International Business Machines Corporation Data management system for file and database management
US6347331B1 (en) * 1999-04-26 2002-02-12 International Business Machines Corporation Method and apparatus to update a windows registry from a hetrogeneous server
US6917958B1 (en) * 1999-04-26 2005-07-12 International Business Machines Corporation Method and apparatus for dynamic distribution of system file and system registry changes in a distributed data processing system
US7100195B1 (en) * 1999-07-30 2006-08-29 Accenture Llp Managing user information on an e-commerce system
US6704873B1 (en) * 1999-07-30 2004-03-09 Accenture Llp Secure gateway interconnection in an e-commerce based environment
US6442696B1 (en) * 1999-10-05 2002-08-27 Authoriszor, Inc. System and method for extensible positive client identification
JP4568963B2 (ja) * 2000-06-08 2010-10-27 ソニー株式会社 情報処理装置、情報通信システム
US7266512B2 (en) * 2000-07-18 2007-09-04 Cnet Networks, Inc. System and method for establishing business to business connections via the internet
EP1417574A1 (en) * 2001-08-14 2004-05-12 Humana Inc Web-based security with controlled access to data and resources
JP3680034B2 (ja) * 2002-03-20 2005-08-10 株式会社東芝 情報処理装置および同装置で使用されるユーザ切替え方法
JP2004062220A (ja) * 2002-07-24 2004-02-26 Matsushita Electric Ind Co Ltd 情報処理装置、情報処理方法、およびプログラム変換装置
US7533012B2 (en) * 2002-12-13 2009-05-12 Sun Microsystems, Inc. Multi-user web simulator
US7660880B2 (en) * 2003-03-21 2010-02-09 Imprivata, Inc. System and method for automated login
JP4301849B2 (ja) * 2003-03-31 2009-07-22 株式会社日立製作所 情報処理方法及びその実施システム並びにその処理プログラム並びにディザスタリカバリ方法およびシステム並びにその処理を実施する記憶装置およびその制御処理方法
US7349913B2 (en) * 2003-08-21 2008-03-25 Microsoft Corporation Storage platform for organizing, searching, and sharing data

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06309214A (ja) * 1993-04-21 1994-11-04 Toshiba Corp データベースシステム
JPH06332781A (ja) * 1993-05-26 1994-12-02 Nec Corp ファイル管理方法
WO2001046808A1 (en) * 1999-12-20 2001-06-28 Dai Nippon Printing Co., Ltd. Distributed data archive device and system
JP2003101739A (ja) * 2001-09-19 2003-04-04 Ricoh Co Ltd 画像処理装置
JP2004038519A (ja) * 2002-07-03 2004-02-05 Hitachi Ltd プログラム管理方法

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8082325B2 (en) 2003-12-24 2011-12-20 Dai Nippon Printing Co., Ltd. Data storing system using network

Also Published As

Publication number Publication date
JP2005235055A (ja) 2005-09-02
US7574440B2 (en) 2009-08-11
US20070143288A1 (en) 2007-06-21
JP4578119B2 (ja) 2010-11-10

Similar Documents

Publication Publication Date Title
WO2005081114A1 (ja) 情報処理装置および情報処理装置におけるセキュリティ確保方法
JP4759513B2 (ja) 動的、分散的および協働的な環境におけるデータオブジェクトの管理
CN101554010B (zh) 使用公钥加密进行文档控制的系统和方法
CN100362495C (zh) 信息泄漏防止装置及方法
JPWO2001046808A1 (ja) 分散型データアーカイブ装置およびシステム
US20090319786A1 (en) Electronic data security system and method
US20150227748A1 (en) Method and System for Securing Data
CN112269547B (zh) 无需操作系统的、主动、可控硬盘数据删除方法及装置
WO2007008807A2 (en) Secure local storage of files
CN101484927A (zh) 共享加密文件的加密、解密处理方法
WO2007091652A1 (ja) 割符情報の管理方法および管理装置
WO2005078587A1 (ja) コンピュータシステムおよびファイルの保存・読出方法
US7890990B1 (en) Security system with staging capabilities
JP6270780B2 (ja) データ管理装置、データ管理方法、及びデータ管理プログラム
KR20000000410A (ko) 분산 pc 보안관리 시스템 및 방법
KR100692999B1 (ko) 다수의 키 캐시 매니저가 보안 칩의 암호화 키 저장부리소스를 공유하는 방법 및 컴퓨터 판독가능 기록 매체
CN112269986A (zh) 进程管理方法、装置及存储介质
US20080162948A1 (en) Digital Information Storage System, Digital Information Security System, Method for Storing Digital Information and Method for Service Digital Information
JP4516598B2 (ja) 文書のコピーを制御する方法
JP2000155715A (ja) コンピュータのディレクトリアクセス制御システム及び方法
JP7527539B2 (ja) 電子データ管理方法、電子データ管理装置、そのためのプログラム及び記録媒体
US9652303B2 (en) Command line output redirection
JP5047664B2 (ja) 電子文書管理装置、コンピュータプログラム、及び電子文書管理方法
CN113656355A (zh) 文件的处理方法及装置、非易失性存储介质、处理器
JPH10275115A (ja) データ暗号化保存方法及びシステム装置

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2007143288

Country of ref document: US

Ref document number: 10588322

Country of ref document: US

122 Ep: pct application non-entry in european phase
WWP Wipo information: published in national office

Ref document number: 10588322

Country of ref document: US