JP2006343887A - Storage medium, server device, and information security system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a highly reliable information leakage preventing measures even under circumstances where the fear of information leakage such as the transmission/reception of security data using a network or the carrying-out of a memory card is high. <P>SOLUTION: The transfer of security data belonging to a predetermined security segment is available by using a carrying-out management application 32 of a personal computer 30 through a network 100 between a data server 10 and a memory card 40. The security attribute data for specifying the security data and the security segment are stored so as to be associated with each other in the data server 10 and the memory card 40. Also, an access log relating to the access history to the security data is stored in a log management server 20 and the memory card 40. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a storage medium, and more particularly to a storage medium useful for preventing leakage of confidential information. The present invention also relates to a server device used with the storage medium and an information security system using the storage medium.

  A storage medium such as a semiconductor memory card (hereinafter referred to as “memory card”) having a nonvolatile semiconductor memory as a storage medium has a smaller storage capacity than a disk storage medium such as a DVD, but has a large mechanism. Recently, as a storage medium suitable for portable use, the range of its use has been expanded since it is compact, easy to handle, and excellent in vibration resistance.

  On the other hand, while the development of information technology, the spread of network systems such as the Internet, and the spread of the above-mentioned simple storage media, the leakage and leakage of confidential information inside each company, organization, etc. has become a social problem. Measures against such problems are required.

  In response to such demands, various technologies have been proposed in the field of storage media including memory cards. For example, Patent Document 1 below describes a memory card in which an authentication area that can be accessed only by an external device that has been successfully authenticated and a non-authentication area that can be accessed by any external device are provided in a nonvolatile memory. Yes. Using this memory card, it is possible to protect the data by storing the encrypted data in the non-authentication area and storing the decryption key for decrypting it in the authentication area.

Further, in Patent Document 2 below, in addition to a normal area, a secure area that cannot be directly accessed from the information processing terminal, and a tamper resistant that cannot be directly accessed from the information processing terminal, in addition to the normal area, are attached to the semiconductor memory card that is removable from the information processing terminal. And a memory having a tamper resistance, and is configured such that access to the secure area is possible only via a secure control unit that manages access to the tamper resistant memory. Since an external device cannot directly access this secure area, it is possible to ensure a higher security level.
JP 2001-14441 A JP 2004-199138 A

  However, in recent years, a higher level of defense measures has been required against the leakage and leakage of confidential information. In particular, in the conventional technologies as described above, sufficient measures are not taken against information leakage when a storage medium is stolen or lost, unauthorized use by a person who took out confidential information, and the like.

  An object of the present invention is to provide a storage medium having a higher information leakage prevention function, a server device on a network used together with the storage medium, and an information security system using the storage medium.

  According to the present invention, in the exchange of the main body data via the information processing terminal and the server storing the main body data having a predetermined security classification, the confidential attribute data specifying the security classification and the main body data can be stored in association with each other. A portable storage medium is provided.

  In the above-described configuration, the confidential classification and the main body data are stored and stored in the portable storage medium in association with each other. Therefore, defense measures against unauthorized use by the user and data leakage due to loss of the medium are facilitated, and a higher information leakage prevention function can be provided.

  The portable storage medium can be provided with a semiconductor chip storing an application program for controlling the access restriction.

  The access restriction includes prohibition of printing and copying of the main body data.

  The portable storage medium is provided with a general storage area and a secure storage area, and the general storage area includes a storage area that can be directly read and written from the information processing terminal, and the secure area is provided in the semiconductor chip. A storage area that can be read from and written to by the information processing terminal under access control of the stored application, and the confidential attribute data and the main body data are associated with each other to access the secure recording area. It can also be configured to be held below. In this case, the portable storage medium holds the application program of the main body data in the general storage area, and satisfies the authentication request defined by the application program, whereby the application program is executed on the information processing terminal. It can also be configured to be usable. Under such a configuration, since the application program is not placed in the information processing terminal, a highly reliable protection function can be obtained against fraudulent acts such as falsification of the application program.

  The portable storage medium may further include an access log storage area for storing an access log related to the access history to the main body data. Checking the stored access log facilitates quick discovery of unauthorized use and discovery of the leaked source after information leaks.

  An example of the portable storage medium is a memory card that can be attached to and detached from the information processing terminal.

  Furthermore, the present invention is capable of exchanging data via an information processing terminal, and a storage medium storing the main body data having a predetermined security classification, confidential attribute data specifying the security classification and the main body data in association with each other, and Provided is a server device that stores the main body data and the confidential attribute data in association with each other and stores an access log relating to an access history to the main body data.

  Further, according to the present invention, the main body data can be exchanged via a server that stores main body data having a predetermined security classification and an information processing terminal, and the confidential attribute data specifying the security classification and the main body data are stored in association with each other. Data can be exchanged via a portable storage medium, the storage medium, and an information processing terminal, the body data and the confidential attribute data are stored in association with each other, and the access history to the body data And an information security system including a server device that stores an access log related to the information. In addition, an access log related to the access history to the main body data may be stored in each of the server and the portable storage medium.

  According to the present invention, a highly reliable information leakage prevention measure can be provided even under a situation where there is a high risk of information leakage such as transmission / reception of confidential data using a network or taking out a memory card.

  Hereinafter, the content of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is an overall configuration diagram of an information security system to which the present invention is applied. In this embodiment, the information security system is detachable from the data server 10 and log management server 20, the personal computer (information processing terminal) 30, and the personal computer 30 that are arranged on the network 100 such as the Internet or an in-house LAN. It is constructed from a memory card (portable storage medium) 40.

  The data server 10 stores various types of data such as document data, image data, and audio data, and receives data from a terminal such as the personal computer 30 and supplies the data to the terminal via the network 100. The data server 10 is an information folder that stores data files related to confidential information that can be viewed only by a specific authorized person, as well as ordinary data files that can be accessed by any person without any restrictions. 12 is provided.

  In the information folder 12, for example, in the example of FIG. 2, document files of “Document 1.ppt”, “Document 2.ppt”, and “Document 3.ppt” are held. Each document file has a “classification of confidentiality: 5”, “classification of confidentiality: 1”, and “classification of confidentiality: 8”, classified according to the importance of each file and the required protection level (secure level). Is given. That is, the data representing the security classification and the document file corresponding to the document data which is the original information are associated with each other and stored in the information folder 12.

  The “main body data” in the present specification is data of original information to be expressed and includes various data such as document data, image data, audio data, and combinations thereof, and the type thereof is not limited. In addition, the “confidential attribute data” in this specification is data representing the above-described confidential classification, and is provided to the main body data when the main body data is confidential data to which a predetermined access restriction is given. It is.

  FIG. 3 shows an example of a list of security classifications given to each file. In this embodiment, “level 10” is given to the confidential classification corresponding to the highest secure level, printing and copying of the file are prohibited, and special authentication for browsing (authentication using a user ID card, etc.) Is required. On the other hand, at the lowest secure level “level 1”, the file can be printed or copied without any limitation, and no special authentication is required. Of course, the number of classified categories and the types and number of prohibited items are not particularly limited. For example, the confidential classification can be configured with four levels of “strict”, “secret”, “in-house information”, and “normal”.

  The log management server 20 is a server that accumulates an access log corresponding to a usage history of a predetermined file in a predetermined folder of the data server 10. The log management server 20 works in conjunction with the data server 10 to record the access status to the file of the data server 10 every moment. As long as such recording is possible, the log management server 20 may be configured separately from the data server 10 or may be configured integrally. In this specification, “server” and “server device” refer to a single data server 10 that stores main body data and a log management server 20 that stores access logs, or a combination thereof.

  The log management server 20 is provided with a take-out list 22 that records the take-out and return information of each file of the data server 10. In the present embodiment, as shown in FIG. 4, the take-out list 22 includes a document name (file name) of each document (file), a security classification of each document, a take-out person, a take-out person ID number (employee ID, etc.). , Take-out date, return date, and link information to the access log of each document (hereinafter referred to as “link”). In this example, information of “document 1.ppt”, “document 2.ppt”, and “document 3.ppt” in the information folder 12 shown in FIG. 2 is posted. Since document 2 has not yet been returned, the return date is not described.

  An access log is recorded for each document. In this embodiment, “document 1 log”, “document 2 log”, and “document 3 log”, which are links to the access log of each document. By clicking the part (underlined part), it is possible to browse the access log of each document. For example, by clicking “Document 1 log” in FIG. 4, the user can view the access log of Document 1 shown in FIG. 5. The link is not limited to a clickable link.

  The personal computer 30 includes a take-out management application 32. The personal computer 30 can be connected to the data server 10 via the network 100 (solid line A in FIG. 1), and the memory card 40 is configured to be detachable from the personal computer 30 (solid line B in FIG. 1). ). However, even if the memory card 40 is not detachable from the personal computer 30, it is only necessary that the memory card 40 can transmit and receive data to and from each other. For example, a contact or non-contact type memory card reader / writer attached to the personal computer 30 can be used.

  When the personal computer 30 is connected to the network 100 and the memory card 40, data such as the document file described above can be exchanged between the network 100 and the memory card 40. Here, the take-out manageable application 32 of the personal computer 30 controls the exchange of data between the network 100 and the memory card 40. However, access to data having a predetermined security classification is restricted.

  Actually manipulating body data such as a document file is general PC software such as word processor software such as MS-WORD (registered trademark) and graphics software for presentation such as PowerPoint (registered trademark). The carry-out management application 32 here is between such general PC software and an OS (operating system), and plays a role of limiting the functions of the general PC software. For example, the take-out management application 32 includes an application having the following functions, but is not limited thereto.

・ Communication mediation and data exchange between server and card application ・ Restrictions on file operations and functions such as copying, copying, moving, etc. of files on server or memory card secure storage area (described later) ・ Printing of general PC software ”,“ Edit ”,“ Save ”functions, etc. ・ Record of operation history on general PC software

  For example, copying or printing to other media such as the hard disk of the personal computer 30 is prohibited for specific confidential data. Therefore, as shown by the dotted line C in FIG. 1, editing of actual data, exchange of a new duplicate file, etc. is performed only between the data server 10 and the memory card 40. This point will be described later.

  FIG. 6 shows an internal block diagram of the memory card 40. Further, the exchange of data between the memory card 40 and the carry-out management application 32 of the personal computer 30 is conceptually shown. The memory card is a so-called semiconductor memory card having a nonvolatile semiconductor memory.

  The memory card 40 includes a control unit 41, an IC chip 42 that is a semiconductor chip, and a nonvolatile memory area 43. The control unit 41 is composed of a predetermined arithmetic processing unit, and controls the memory card 40 as a whole and also controls data exchange with the carry-out management application 32 of the personal computer 30.

  When the access request from the take-out management application 32 is an authentication request or an access request to the secure storage area 45 described later, the IC chip 42 performs an authentication process or accesses the secure storage area 45. Therefore, the card application 44 is activated.

  As the IC chip 42, a general contact type or non-contact type IC chip called “wireless tag”, “RFID (Radio Frequency Identification)”, “electronic tag”, or the like can be adopted. However, the detailed configuration is not limited in the present invention. In general, the IC chip 42 is formed by forming a semiconductor integrated circuit including a transmission / reception control unit, a read / write control unit, a memory and a power supply unit that transmit and receive information from an external control unit 41, and the like. Yes.

  The non-volatile memory area 43 is a rewritable storage area for storing data even when the power is turned off, and includes a secure storage area 45 and a general storage area 46. Normal data (which does not require confidentiality) is stored in the general storage area 46. On the other hand, data (such as a document file) with confidential attribute data as described above is held in the secure storage area 45. The secure storage area 45 has a log storage area 47 for storing the access log of the data shown in FIG. Accordingly, the secure storage area stores confidential data (main body data) such as a document file, as well as confidential attribute data and an access log associated therewith.

  When the access request from the carry-out management application 32 is an access request to the secure storage area 45, the control unit 41 activates the card application 44. The card application 44 is an application used for reading or deleting confidential data stored in the secure storage area 45 and writing a newly created document file or the like into the secure storage area 45 as confidential data. When the access request from the carry-out management application 32 is an access to normal data that does not require confidentiality, that is, an access request to the general storage area 46, the control unit 41 directly accesses the general storage area 46. Accordingly, the card application 44 is not activated, and the general PC software and the carry-out management application 32 of the personal computer 30 cannot recognize the existence of the secure storage area 45 itself.

  In the present embodiment, a memory card as a portable storage medium that can be attached to and detached from the personal computer 30 and has no mechanism portion is described as an example of the storage medium. However, in the sense of “storage medium”, a card-type semiconductor memory is particularly used. Is not limited. In terms of shape and structure, a hard disk, a disk-shaped recording medium, and the like can also be included.

  Next, an example of the operation of the information security system of this embodiment will be described using the operation sequence diagram of FIG. In this example, an example in which confidential data is edited with its own personal computer and the edited data is returned will be described.

  First, the user of the personal computer 30 and the memory card 40 activates the take-out management application 32 on the personal computer 30. Further, mutual authentication is executed between the data server 10 and the carry-out management application 32 of the personal computer 30 via the network 100 (1). Subsequently, mutual authentication is executed between the carry-out management application 32 and the memory card 40 (2). When the authentications (1) and (2) are successful, mutual authentication between the data server 10 and the memory card 40 via the carry-out management application 32 is executed, and secure communication between the two is established (3). The authentication and secure communication establishment methods (1) to (3) are not particularly limited, and existing methods can be used.

  For example, authentication using an electronic certificate can be used for the authentications (1) and (2), and challenge-response mutual authentication can be used for the authentication (3). Challenge-response type mutual authentication is a response data generated by sending challenge data to the partner device in order to verify the legitimacy of the partner device, and then processing to prove its validity in the partner device. Both devices mutually perform an authentication step of determining whether the partner device can be authenticated by comparing the challenge data with the response data. For example, a challenge-response type mutual authentication method shown in Japanese Patent No. 3389186 is used.

  Subsequently, the confidential data (main body data) and the confidential data associated with the confidential data are transferred from the information folder 12 of the data server 10 to the memory card 40 by a predetermined operation such as drag and drop on the take-out management application 32 by the user. The attribute data is downloaded and stored in the memory card 40 (4). By downloading the confidential data, the confidential attribute data is also downloaded at the same time, and these data are written in the secure storage area 45 under the control of the card application 44 of the memory card 40. At the same time, the access log is written into the log storage area 47.

  Also, an operation history reflecting the operation of (4) is registered as an access log of the log management server 20 shown in FIG. 5 (5).

  When the user performs an operation of reading a predetermined file (confidential data) from the memory card 40, first, the carry-out management application 32 stores the confidential attribute data stored in the secure storage area 45 of the memory card 40 in (4). Is read (6). This confidential attribute data restricts operations on confidential data as shown in FIG. 3 according to the confidential classification. For example, when the confidential classification of the confidential attribute data read out in the example of FIG. 3 is “9”, printing and copying of confidential data corresponding to the confidential attribute data are prohibited. In this example, in relation to the confidential data, the export management application 32 restricts the functions of the general PC software described above, thereby restricting operations on the confidential data. (7).

  After the function limitation of the take-out management application 32, the confidential data itself of the confidential attribute data read out first is read from the secure storage area 45 of the memory card 40 (8). The read confidential data is edited by the user performing a predetermined operation via general PC software whose function is restricted (step (7)) by the export management application 32. (Rewriting) is performed (editing is not restricted), and then the edited confidential data is stored in the memory card 40 (9). Further, an access log corresponding to the use history of (8) and (9) is registered in the log storage area 47 of the secure storage area 45 (10).

  Subsequently, the user returns the edited confidential data to the data server 10. Similar to the above (3), mutual authentication between the data server 10 and the memory card 40 is performed, and secure communication is established (11).

  The confidential data edited and the confidential attribute data associated with the confidential data are sent from the memory card 40 to the data server 10 by a predetermined drag-and-drop operation on the take-out management application 32 by the user, and the data server 10 information folders 12 are stored (12).

  Then, the operation history reflecting the return operation of (12) is registered as an access log linked to the take-out list 22 of the log management server 20 shown in FIG. 5 (13). Based on the steps described above, the edited confidential data and the access log of the confidential data are registered in the data server 10 and the log management server 20. However, the configuration is such that the access log accumulated in the log storage area 47 of the memory card 40 is automatically sent to the log management server 20 at the time of the authentication of (11) before the return processing of (12). You may make it take. In such a configuration, the access log accumulated in the log storage area 47 in the offline state can be surely registered in the log management server 20 when the online state is entered.

  8 and 9 show specific operation examples on the display of the personal computer 30. FIG. In this example, four types of confidential classification, “secret”, “secret”, “in-house information”, and “normal” are given. FIG. 8 shows the operation of the personal computer 30 in accessing the memory card 40.

  As shown in FIG. 8A, when the user inserts the memory card 40 into the personal computer 30, first, the personal computer 30 recognizes the existence of the general storage area 46 of the memory card 40, and is shown in FIG. 8B. Thus, the display screen of the general storage area including the display (icon) of the carry-out management application 32 is activated. Click this icon to access the secure storage area in the memory card. Then, the card application 44 of the IC chip 42 is activated, communication between the personal computer 30 and the card application 44 is started, and a password authentication request screen is displayed (FIG. 8C).

  Then, when the user inputs a predetermined password, as shown in FIG. 8D, the file stored in accordance with the security classification is displayed (display of secure storage area). In this example, each security classification is displayed overlaid on the icon of each file.

Of the displayed icons, the icons to which the confidential classification of “secret” and “in-house” is assigned are so-called confidential data, and further authentication is required to access these data. In this example, authentication of the employee card IC card is required as shown in FIG. When authentication is successful, these files are opened for the first time (FIG. 8 (f)).
The employee card IC card can be replaced with another IC card.

  FIG. 9 shows the operation of the personal computer 30 at the time of taking out and returning data between the data server 10 and the memory card 40. A screen of a predetermined file (information folder 12 in FIG. 1) of the data server 10 is shown in FIG. 9A, and drag-and-drop between the screen of the memory card 40 in FIG. 9B is performed. By performing the operation, the file can be moved.

  In this example, confidential data having “strict” as the confidential classification cannot be moved from the data server 10 to the memory card 40 (1). Confidential data having “secret” as the confidential classification can be moved from the network 10 to the memory card 40 by drag and drop (D & D) (2), but access is restricted (3). Normal data movement is free (4).

  Returning data to the data server 10 is achieved by performing a reverse drag and drop operation (5). The return is to move the data from the memory card 40 to the data server 10 and erase the data from the memory card 40. The return data security classification is determined by the return destination folder of the data server 10 (having a unique security classification). At this time, the confidential classification originally held by the target data is referred to, and cannot be returned and stored in the folder of the confidential classification having a lower rank than the confidential classification. If the data can be returned to any folder, storing the data in the memory card 40 allows the user to freely operate the confidential classification of the data. In order to prevent such an operation that may lead to an unauthorized operation, the return destination folder is limited.

  In addition, copying of data from the data server 10 to the hard disk in the personal computer 30 (FIG. 9C) is completely prohibited to prevent information leakage (6). Such restriction is achieved by performing function restriction on general PC software by the carry-out management application 32 shown in (7) of FIG. Of course, it is free to copy the data in the hard disk to the data server 10 (7).

  As described above, according to the present invention, body data such as a document file is transmitted via a server including the data server 10 that stores body data such as a document file having a predetermined security classification and an information processing terminal such as a personal computer 30. A storage medium such as a memory card that can exchange data is provided. This storage medium can store confidential attribute data for specifying the confidential classification and main body data in association with each other.

  Therefore, the confidential classification and the main body data are stored and stored in the storage medium in association with each other. Therefore, unauthorized use including unauthorized printing and copying by a user can be easily prevented. In addition, it is easy to take defense measures against data leakage due to loss of media, and a higher information leakage prevention function can be provided.

  In addition, the storage medium is provided with an access log storage area for storing an access log relating to an access history for main body data. In this access log storage area, access logs for printing, copying, and the like are stored. Therefore, by checking the stored access log, it is easy to quickly find unauthorized use before information is leaked and to quickly find the source even after information is leaked.

  Furthermore, the present invention provides a server including a storage medium storing main body data and a data server 10 and a log management server 20 that can exchange data via an information processing terminal. This server stores main body data and confidential attribute data in association with each other, and also stores an access log relating to an access history for main body data.

  This server can store an access log for printing, copying, etc. to main data such as a document file. Therefore, by checking the stored access log, it is easy to quickly find unauthorized use before information is leaked and to quickly find the source even after information is leaked.

  Furthermore, the present invention provides an information security system constructed from a server and a storage medium capable of exchanging data with the server via a network and an information processing terminal. In this information security system, main server data and confidential attribute data for specifying a predetermined security classification of the main body data are stored in the server and the storage medium in association with each other between the server and the storage medium. .

  Since the confidential classification and the main body data are always associated with each other and stored and stored, unauthorized use including unauthorized printing and copying by the user can be easily prevented. In addition, it is easy to take defense measures against data leakage due to loss of media, and a higher information leakage prevention function can be provided.

  The take-out management application 32 may be the one originally installed in the personal computer 30. However, as shown in FIG. 8 (a), the one stored in the memory card 40 is called and personalized. It may be started on the OS of the computer 30. In this case, it is desirable that the carry-out management application 32 is stored in advance in the general storage area 46 of the memory card 40 and that a predetermined authentication request is issued from the carry-out management application 32 when the call is made ( The same configuration as in FIG. With this configuration, the carry-out management application 32 can be used on the personal computer 30 only when correct authentication is performed in response to the authentication request of the carry-out management application 32. Under such a configuration, since the application program is not placed in the information processing terminal, a highly reliable protection function can be obtained against fraudulent acts such as falsification of the application program. Further, an access log for the carry-out management application 32 may be stored in the log management server 20 and the log storage area 47.

  For example, when the personal computer 30 requests the memory card 40 to issue a take-out management application 32 together with predetermined authentication information (authentication key) and starts the take-out management application 32 received by the personal computer 30, the take-out management application The authentication processing of the carry-out management application 32 can be performed using authentication information between the memory card 40 and the memory card 40. As such an application authentication technique, for example, a method disclosed in Japanese Patent Application Laid-Open No. 2005-71328 can be used.

  Although various embodiments of the present invention have been described above, the present invention is not limited to the matters shown in the above-described embodiments, and those skilled in the art can make modifications and applications based on the description and well-known techniques. This is also the scope of the present invention, and is included in the scope of seeking protection.

  According to the present invention, a highly reliable information leakage prevention measure is achieved, and a storage medium, a data server, and an information security system having a high information leakage prevention function are provided.

Overall configuration diagram of information security system of the present invention Figure showing an example of the information folder of the data server Figure showing an example of security classification Figure showing an example of a log management server export list Figure showing an example of access log Internal block diagram of memory card Operation sequence diagram of information security system Specific example of access procedure to memory card on personal computer The figure which shows the specific example of the data movement procedure between the data server and memory card on a personal computer

Explanation of symbols

10 data server 12 information folder 20 log management server 22 take-out list 30 personal computer 32 take-out management application 40 memory card 41 control unit 42 IC chip 43 nonvolatile memory area 44 card application 45 secure storage area 46 general storage area 47 log storage area 100 network

Claims (11)

The main body data can be exchanged via the information processing terminal and the server that stores the main body data having a predetermined security classification,
A portable storage medium capable of storing confidential attribute data for specifying the confidential classification and the main body data in association with each other. The portable storage medium according to claim 1,
A portable storage medium that restricts access to the main body data according to the security classification. The portable storage medium according to claim 2,
A portable storage medium comprising a semiconductor chip storing an application for controlling the access restriction. The portable storage medium according to claim 2 or 3,
A portable storage medium in which the access restriction includes prohibition of printing and copying of the main body data. The portable storage medium according to claim 3, wherein
The portable storage medium includes a general storage area and a secure storage area,
The general storage area is composed of a storage area that can be directly read and written from the information processing terminal,
The secure area is composed of a storage area that can be read and written from the information processing terminal under access control of an application stored in the semiconductor chip,
A portable storage medium in which the confidential attribute data and the main body data are associated with each other and held in the secure recording area under access control of the application. The portable storage medium according to claim 5,
The portable storage medium holds the application program of the main body data in the general storage area,
A portable storage medium in which the application program can be used on the information processing terminal by satisfying an authentication request defined by the application program. The portable storage medium according to any one of claims 1 to 6,
A portable storage medium comprising an access log storage area for storing an access log relating to an access history to the main body data. The portable storage medium according to any one of claims 1 to 7,
The portable storage medium is a portable storage medium composed of a memory card that is detachable from the information processing terminal. It is possible to exchange data via an information processing terminal with main body data having a predetermined security classification, confidential attribute data for specifying the security classification and a storage medium storing the main body data in association with each other,
A server device that stores the main body data and the confidential attribute data in association with each other and stores an access log relating to an access history to the main body data. Portable storage capable of exchanging the main body data via a server that stores main body data having a predetermined security classification and an information processing terminal, and storing the attribute data specifying the security classification and the main body data in association with each other Medium,
Server apparatus capable of exchanging data via the storage medium and an information processing terminal, storing the main body data and the confidential attribute data in association with each other, and storing an access log related to an access history to the main body data With
Information security system. The information security system according to claim 10,
An information security system in which an access log related to an access history to main body data is stored in each of the server and the portable storage medium.