JP7527539B2 - Electronic data management method, electronic data management device, program therefor, and recording medium - Google Patents

Description

The present invention relates to an electronic data management method, an electronic data management device, a program and a recording medium for managing electronic data, which prevent leakage of electronic data from a computer by controlling operations on electronic data (files) stored in an auxiliary storage means using a control means.

Electronic data is stored in auxiliary storage devices of computers such as HDDs and SSDs, recording media such as CDs and flash memory, and network storage on a network. A user accesses this electronic data using the computer they are operating, and processes electronic data files by viewing, editing, creating new files, deleting files, etc.

Electronic data is a broad concept that includes images, videos, music, text documents, and documents in specific formats. Electronic data consisting of personal information, business know-how, and other such data is confidential, and access rights to this electronic data must be managed, protected, and prevented from leaking to the outside. Even if electronic data is stored in the auxiliary storage device, recording medium, network storage, etc. of a computer as described above, the electronic data can be viewed, edited, newly created, deleted, and other processes performed on the computer operated by the user.

A user accesses an auxiliary storage device built into or external to the electronic computer to view and edit electronic data, and also transmits the data via the network to network storage, other electronic computers, and other people. A user also operates an electronic computer to receive electronic data from network storage, other electronic computers, and other people, and to view, edit, and use the data. Of course, a user can transfer or copy and transfer electronic data to a device built into or connected to the electronic computer.

In particular, when recording or printing on a recording medium, electronic data is transferred from the computer to a recording device or printing device built into or connected to the computer and recorded or printed there. In consideration of these usage patterns, and from the standpoint of protecting electronic data and preventing leakage, it is important to strictly manage electronic data by obtaining not only the electronic data itself, but also the history of access to the electronic data or the storage device in which the electronic data is stored, particularly the history of viewing, editing, copying, printing, transmission, etc. of the electronic data.

Furthermore, in recent years, it has become common to connect electronic computers to a network, store electronic data in network storage on the network, and download the electronic data from the network storage to the electronic computer for use. When electronic data is stored in an electronic computer or a recording medium, there is a risk that it may be leaked through various routes.

Leaking of electronic data means that electronic data is moved or copied in a manner that is inconsistent with the intended purpose of use or in an illegal manner, and is taken outside or is in a situation where it can be taken outside. Examples of leaking of electronic data include hacking or cracking to obtain electronic data in an illegal manner, a user or administrator of a computer illegally copying or moving electronic data and taking it outside, electronic data leaking to a third party due to loss of a computer or auxiliary storage means, and electronic data that requires management being stored in an auxiliary storage means that cannot be managed and left in a situation where it can be viewed by third parties, including an unspecified number of users.

As a specific example, when electronic data is stored in an auxiliary storage device such as a flash memory connected to a computer, there is a risk that the data will be leaked to the outside (third party) if the auxiliary storage device is lost. In addition, temporary files such as application programs stored in the auxiliary storage device built into the computer may be leaked if the computer is lost, unauthorized access is made to the computer, or the electronic data on the computer is copied by a user.

In terms of preventing the leakage of electronic data, particularly confidential data, it is important to control electronic computers so that electronic data cannot be used for purposes other than those intended. Various preventive measures against such information leakage have been implemented and proposed. For example, when storing electronic data in an auxiliary storage device connected to an electronic computer, measures are taken such as encrypting the electronic data and authenticating the auxiliary storage device (see, for example, Patent Document 1). The program of the data management system disclosed in Patent Document 1 controls the electronic computer that processes the client's user data stored in non-volatile memory so that the computer cannot use the data for purposes other than those intended.

A data management program has been disclosed for copying user data, preventing it from being used for purposes other than those for which it was intended, and monitoring it (see, for example, Patent Document 2). When a storage device storing user data is connected to a client computer, the data management program described in Patent Document 2 goes into control mode, prohibits writing to all external storage devices, sets the device to prohibit network use, and obtains the file name, folder name, and attribute data of executable files, as well as the process name and process ID of the process being executed, to control the electronic data.

JP 2011-8813 A International Publication No. WO2007/049625

However, in the example data management program described in Patent Document 2, when an application program opens, views, and edits a managed file that requires close data management, the entire computer enters control mode, and files other than the managed file are also viewed and edited in control mode, and normal files must be saved only in the controlled folder specified in the control mode. For this reason, users who want to store normal files in any storage means of the computer and handle them freely must cancel the control mode of the computer, which is inconvenient.

The present invention has been made against the background of the above-mentioned technology, and achieves the following objectives. The objective of the present invention is to provide an electronic data management method, an electronic data management device, a program and a recording medium therefor, which are capable of handling normal files and preventing information leakage of electronic data even in a control mode in which management to prevent information leakage of electronic data is performed in an electronic computer.

Another object of the present invention is to provide an electronic data management method, an electronic data management device, a program, and a recording medium therefor that are capable of handling normal files and tracking and monitoring access to electronic data even in a control mode in which management to prevent information leakage of electronic data is performed in an electronic computer.

A further object of the present invention is to provide an electronic data management method, an electronic data management device, a program and a recording medium for managing electronic data so that temporary files created when using an application program cannot be used for purposes other than the intended purpose in a control mode in which electronic data is managed to prevent information leakage in an electronic computer.

In order to achieve the above object, the present invention employs the following means.
The present invention relates to an electronic data management method, an electronic data management device, a program therefor, and a recording medium.

The electronic data management method according to the first aspect of the present invention comprises the steps of:
1. An electronic data management method for preventing leakage of user data when user data stored in an auxiliary storage device of an electronic computer is operated by an application program, by controlling the electronic computer with control means having: (a) a first control mode for controlling the electronic computer by permitting the operation and executing the operation in accordance with a preset control list, or by disallowing the operation and interrupting the operation in accordance with the control list, and (b) a second control mode for not controlling the operation executed by the electronic computer,
the auxiliary storage device comprises a control area which is accessible only when the control means is operating in the first control mode and in which movement or copying of stored electronic data is permitted only within its own area, and a normal area which is accessible when the control means is operating in the first control mode or the second control mode and in which movement or copying of stored electronic data to any area is permitted,
When saving a file consisting of the user data that has been read from the control area or the normal area and is being viewed or edited by the application program,
The control means obtains access information including a save operation indicating the save operation by the application program and a file path indicating the storage location from which the file is read out ;
Analyzing the access information by the control means;
When the control means is operating in the first control mode,
When the file path indicates the control area, permitting the save operation to save the file in the control area and disallowing the save operation to save the file in the normal area;
When the file path indicates the normal area, permitting the save operation to save the file in the control area and registering in the control list that the file is not to be saved in the normal area, or permitting the save operation to save the file in the normal area;
When the control means is operating in the second control mode,
Since the file path indicates the normal area, the save operation for saving the file in the normal area is permitted.

The electronic data management method of the present invention 2 is the method of the present invention 1,
The control means includes an add-in means that is registered as a function extension in the application program in order to monitor the operation of the application program and that acquires the access information.

The electronic data management method of the present invention 3 is the same as that of the invention 2,
The control means operates in a kernel mode in which all commands of an operating system can be executed, and provides a common interface for communication between device drivers for directly controlling devices connected to the computer, or for communication between the device drivers and the application programs;
an interface unit for receiving first data including an instruction and/or data output from the application program, and for transmitting second data including an execution result of the instruction and/or received data received from the device driver to the application program;
a device driver control unit for transmitting third data including the command and/or the data to the device driver and receiving fourth data including an execution result of the command and/or the received data from the device driver;
a control unit for processing the first data or the fourth data, generating the second data or the third data, and controlling the first to fourth data; and
an encryption unit for encrypting data to generate encrypted data, and a decryption unit for decrypting the encrypted data to generate the original data,
the control unit acquires the access information from the add-in means via the interface unit, analyzes the access information, and permits or prohibits the save operation;
When the access is permitted, the control unit transmits the access information to the device driver control unit for execution, and transmits a result of the execution to the add-in means via the interface unit;
When the permission is not granted, the control unit transmits the notification of the non-permission to the add-in means via the interface unit.

The electronic data management method of the fourth aspect of the present invention is the method of the first to third aspects of the present invention,
When a new file is created by the application program and the file that is the new file is saved,
The control means obtains the access information, which is composed of the save operation indicating an operation of saving the file by the application program and the file path indicating a location where the new file is to be stored;
Analyzing the access information by the control means;
When the control means is operating in the first control mode,
When the file path indicates the control area, permitting the save operation to save the file in the control area, and registering in the control list that the file is not to be saved in the normal area;
When the file path indicates the normal area, permitting the save operation to save the file in the normal area;
When the control means is operating in the second control mode,
The save operation for saving the file in the normal area is permitted.

The electronic data management device of the fifth aspect of the present invention is
a control means having (a) a first control mode for controlling the electronic computer by permitting the operation and executing the operation in accordance with a preset control list, or by disallowing the operation and interrupting the operation in accordance with the control list, when user data stored in an auxiliary storage device of the electronic computer is operated by an application program, and (b) a second control mode for not controlling the operation executed by the electronic computer,
2. An electronic data management device for preventing leakage of user data by controlling the electronic computer with the control means,
the auxiliary storage device comprises a control area which is accessible only when the control means is operating in the first control mode and in which movement or copying of stored electronic data is permitted only within its own area, and a normal area which is accessible when the control means is operating in the first control mode or the second control mode and in which movement or copying of stored electronic data to any area is permitted,
When saving a file consisting of the user data that has been read from the control area or the normal area and is being viewed or edited by the application program,
The control means acquires access information including a save operation indicating the save operation by the application program and a file path indicating a storage location from which the file is read out , analyzes the access information, and
When the control means is operating in the first control mode,
When the file path indicates the control area, the control means permits the save operation to save the file in the control area and does not permit the save operation to save the file in the normal area;
When the file path indicates the normal area, the control means permits the save operation to save the file in the control area and registers in the control list that the file is not to be saved in the normal area, or permits the save operation to save the file in the normal area;
When the control means is operating in the second control mode,
Since the file path indicates the normal area, the control means permits the save operation to save the file in the normal area.

The electronic data management device of the present invention according to the sixth aspect of the present invention comprises the steps of:
The control means includes an add-in means that is registered as a function extension in the application program in order to monitor the operation of the application program and that acquires the access information.

The electronic data management device of the seventh aspect of the present invention is the electronic data management device of the sixth aspect of the present invention,
The control means operates in a kernel mode in which all commands of an operating system can be executed, and provides a common interface for communication between device drivers for directly controlling devices connected to the computer, or for communication between the device drivers and the application programs;
an interface unit for receiving first data including an instruction and/or data output from the application program, and for transmitting second data including an execution result of the instruction and/or received data received from the device driver to the application program;
a device driver control unit for transmitting third data including the command and/or the data to the device driver and receiving fourth data including an execution result of the command and/or the received data from the device driver;
a control unit for processing the first data or the fourth data, generating the second data or the third data, and controlling the first to fourth data; and
an encryption unit for encrypting data to generate encrypted data, and a decryption unit for decrypting the encrypted data to generate the original data,
the control unit acquires the access information from the add-in means via the interface unit, analyzes the access information, and permits or prohibits the save operation;
When the access is permitted, the control unit transmits the access information to the device driver control unit for execution, and transmits a result of the execution to the add-in means via the interface unit;
When the permission is not granted, the control unit transmits the notification of the non-permission to the add-in means via the interface unit.

The electronic data management device of the eighth aspect of the present invention is the electronic data management device of the fifth to seventh aspects of the present invention,
When creating a new file in the application program and saving the file that is the new file,
The control means obtains the access information, which is composed of the save operation indicating an operation of saving the file by the application program and the file path indicating a location where the new file is to be stored;
Analyzing the access information by the control means;
When the control means is operating in the first control mode,
When the file path indicates the control area, the control means permits the save operation for saving the file in the control area, and registers in the control list that the file is not to be saved in the normal area;
When the file path indicates the normal area, the control means permits the save operation to save the file in the normal area;
When the control means is operating in the second control mode,
The control means permits the save operation for saving the file in the normal area.

The electronic data management program of the ninth aspect of the present invention is
a control program for causing the electronic computer to function as a control means having (a) a first control mode for controlling the electronic computer by permitting the operation and executing the operation in accordance with a preset control list, or by disallowing the operation and interrupting the operation in accordance with the control list, when user data stored in an auxiliary storage device of the electronic computer is operated by an application program, and (b) a second control mode for not controlling the operation executed by the electronic computer,
1. An electronic data management program for preventing leakage of user data by controlling and operating the electronic computer using the control program, comprising:
the auxiliary storage device comprises a control area which is accessible only when the control means is operating in the first control mode and in which movement or copying of stored electronic data is permitted only within its own area, and a normal area which is accessible when the control means is operating in the first control mode or the second control mode and in which movement or copying of stored electronic data to any area is permitted,
When saving a file consisting of the user data being viewed or edited by the application program,
The control program includes:
acquiring access information read from the control area or the normal area, the access information including a save operation indicating the save operation by the application program and a file path indicating a storage location from which the file has been read;
analyzing the access information;
When the control means is operating in the first control mode,
when the file path indicates the control area, permitting the save operation to save the file in the control area and disallowing the save operation to save the file in the normal area;
permitting the save operation to save the file in the control area when the file path indicates the normal area, and registering in the control list that the file will not be saved in the normal area, or permitting the save operation to save the file in the normal area;
When the control means is operating in the second control mode,
Since the file path indicates the normal area, the computer is caused to execute the step of permitting the save operation to save the file in the normal area.

The electronic data management program of the present invention according to the tenth aspect of the present invention comprises the steps of:
The control program is characterized in that it comprises an add-in section that is registered as a function extension to the application program in order to monitor the operation of the application program and causes the electronic computer to execute a step of acquiring the access information.

The electronic data management program of the present invention according to the eleventh aspect of the present invention comprises the steps of:
The control program operates in a kernel mode in which all commands of an operating system can be executed, and provides a common interface for communication between device drivers for directly controlling devices connected to the computer, or for communication between the device drivers and the application programs,
an interface unit for receiving first data including an instruction and/or data output from the application program, and for transmitting second data including an execution result of the instruction and/or received data received from the device driver to the application program;
a device driver control unit for transmitting third data including the command and/or the data to the device driver and receiving fourth data including an execution result of the command and/or the received data from the device driver;
a control unit for processing the first data or the fourth data, generating the second data or the third data, and controlling the first to fourth data; and
an encryption unit for encrypting data to generate encrypted data, and a decryption unit for decrypting the encrypted data to generate the original data,
the control unit causes the electronic computer to execute a step of acquiring the access information from the add-in unit via the interface unit, a step of analyzing the access information, and a step of permitting or not permitting the save operation;
When the access is permitted, the control unit causes the electronic computer to execute a step of transmitting the access information to the device driver control unit for execution, and a step of transmitting a result of the execution to the add-in unit via the interface unit;
When the permission is not granted, the control unit causes the computer to execute a step of transmitting the permission not granted to the add-in unit via the interface unit.

The electronic data management program of the present invention according to the twelfth aspect of the present invention is the program according to the ninth to eleventh aspects of the present invention,
When a new file is created by the application program and the file that is the new file is saved,
The control program includes:
obtaining the access information, the access information comprising the save operation indicating an operation to save the file by the application program and the file path indicating a location to store the new file;
analyzing the access information;
When the control means is operating in the first control mode,
when the file path indicates the control area, permitting the save operation for saving the file in the control area, and registering in the control list that the file is not to be saved in the normal area;
permitting the save operation to save the file in the normal area when the file path indicates the normal area;
When the control means is operating in the second control mode,
The method is characterized in that the electronic computer is caused to execute a step of permitting the save operation for saving the file in the normal area.

The recording medium for the electronic data management program of the thirteenth aspect of the present invention is a recording medium for the electronic data management program that records an electronic data management program of one of the inventions selected from the nineth to twelveth aspects.

The present invention provides the following advantages.
According to the present invention, when electronic data stored in a controlled folder and electronic data stored in a normal folder such as the desktop are simultaneously edited in an application program, the electronic data stored in the normal folder can be overwritten and saved.

In addition, according to the present invention, when viewing, editing, and saving user data in a normal folder using an application program, there is no need to disable the control mode, which increases user convenience.

Furthermore, according to the present invention, temporary files of electronic data being worked on in an application program can be managed separately as electronic data to be managed and as regular electronic data.

Furthermore, according to the present invention, the application program can manage newly created electronic data separately as managed electronic data and regular electronic data.

FIG. 1 is a conceptual diagram illustrating an overview of an electronic data management system 1 according to a first embodiment of the present invention. FIG. 2 is a block diagram showing an outline of the user terminal 2 of the electronic data management system 1 according to the first embodiment of the present invention. FIG. 3 is a block diagram showing an example of the configuration of the user terminal 2 of the electronic data management system 1 according to the first embodiment of the present invention. FIG. 4 is a block diagram for explaining the control of user data in the user terminal 2 of the electronic data management system 1 according to the first embodiment of the present invention. FIG. 5 is a flow chart showing an outline of the operation of the user terminal 2 of the electronic data management system 1 according to the first embodiment of the present invention. FIG. 6 is a diagram illustrating a table showing an example of a control list according to the first embodiment of the present invention. FIG. 7 is a flow chart showing an example of the operation of the control program 9 of the electronic data management system 1 according to the first embodiment of the present invention. FIG. 8 is a flow chart showing a detailed operation example of the control program 9 of the electronic data management system 1 according to the first embodiment of the present invention. FIG. 9 is a flowchart showing an example of a procedure in which the control program 9 operates when creating a new file in the second embodiment of the present invention. FIG. 10 is a diagram illustrating a table showing an example of a device list in another embodiment of the present invention.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings.
[First embodiment of the present invention]
Hereinafter, an electronic data management system 1 according to a first embodiment of the present invention will be described with reference to the drawings. Fig. 1 is a block diagram showing an overview of the electronic data management system 1 according to the first embodiment of the present invention, Fig. 2 is a block diagram showing an overview of a user terminal 2 of the electronic data management system 1, and Fig. 3 is a block diagram showing an example of the configuration of the user terminal 2.

The electronic data management system 1 is a system for preventing the leakage of electronic data, and is composed of a user terminal 2, cloud storage 3, a network 4, etc. The user terminal 2 is equipped with an auxiliary storage device 5 that stores electronic data such as user data and program code. The electronic data management system 1 is equipped with a control program 9 having a structure as shown in Figure 2. When electronic data is used on the user terminal 2, the control program 9 monitors the use and controls the user terminal 2.

The auxiliary storage device 5 is made up of multiple folders for storing electronic data, such as a normal folder 6 and a synchronous folder 7. The electronic data stored in the synchronous folder 7 is data that needs to be managed so as not to be leaked from the user terminal 2 to the outside, and is basically encrypted. The synchronous folder 7 is a folder in which the electronic data therein is restricted from being copied or moved to other folders in the user terminal 2, an auxiliary storage device built into or connected to the user terminal 2, etc.

The synchronous folder 7 is a controlled folder in which stored electronic data is strictly managed, in other words, a managed folder. Electronic data stored in the synchronous folder 7 is permitted to be copied or moved within this folder. The normal folder 6 is a normal folder on the user terminal 2, and electronic data stored therein can be copied or moved to other folders. The normal folder 6 does not require the folders and files to be strictly managed like the synchronous folder 7.

The sync folder 7 is synchronized with the cloud folder 8 of the cloud storage 3. The electronic data stored in the sync folder 7 is intended to be synchronized with the cloud storage 3, and this synchronization is performed by data communication via the network 4. The cloud storage 3 is an auxiliary storage device connected to a communication network such as the network 4, and is connected to the user terminal 2 via the network 4 to communicate data.

Cloud storage 3 is an auxiliary storage means connected to network 4, such as a storage means installed in a server, particularly a distributed network storage, a cloud service storage (cloud storage), etc. Network 4 is any known wired or wireless communication network, but is preferably a local area network (LAN) or the Internet. In this embodiment, network 4 is described as the Internet, although it is not limited thereto.

The user terminal 2 is an electronic computer operated and used by a user (details will be described later). The user terminal 2 can be directly connected to the network 4, but can also be connected to the network 4 via communication means such as a gateway, proxy server, router, or wireless access point (not shown) for use. The electronic data management system 1 of the present invention includes these communication means. In this embodiment, the connection means between the user terminal 2 and the network 4, the network 4 and the cloud storage 3, and the user terminal 2 and the cloud storage 3 are not the gist of the invention, so detailed description thereof will be omitted.

As shown in FIG. 2, the control program 9 is a control means for controlling the communication of electronic data within the user terminal 2. In detail, the control program 9 controls whether or not an application program 10 or the like accesses electronic data (user data) based on specific conditions. For example, when the application program 10 writes user data, the control program 9 checks whether the destination to which the user data is to be written is an authorized memory area, and controls the user terminal 2 by permitting or disallowing the writing.

When the application program 10 reads user data, the control program 9 checks whether the storage area is one in which the application program 10 is permitted to read user data, and then permits or disallows the reading, thereby controlling the user terminal 2. The sync folder 7 is synchronized with the cloud folder 8 in the cloud storage 3 via the network 4.

The term "synchronization" here means that the electronic data in the synchronized folder 7 is sent to and stored in the cloud storage 3, and the same data as the electronic data stored in the synchronized folder 7 is stored in the cloud folder 8 assigned to the synchronized folder 7. The synchronized folder 7 is accessed from an application program 10 or the like, and a list of the electronic data stored therein is obtained.

When the application program 10 or the like reads out electronic data specified in this list, the actual electronic data to be read out is downloaded from the cloud folder 8 to the synchronous folder 7 and can be provided to the application program 10 or the like. In this way, the synchronous folder 7 can be a network folder or a virtual folder that does not have the actual electronic data in the user terminal 2, but hereinafter it will be treated as being equivalent to a folder in the user terminal 2.

The files and directories of user data in the sync folder 7 are synchronized with the cloud storage 3, in particular with the cloud folder 8 assigned to the sync folder 7. The cloud folder 8 is accessed by users who have been given access rights. The cloud folder 8 can be created for each application program or user, and is set by the user or administrator according to the purpose of use.

The access rights required to access the cloud storage 3 and the cloud folder 8 are set by an administrator, and the user is provided with identification data such as a user name, identification number, and password required for access. The user uses the identification data to access the cloud folder 8 from the user terminal 2. The user operates the application program 10 on the user terminal 2 to view and edit the user data stored in the normal folder 6 or the synchronous folder 7, and store it in the synchronous folder 7 or the normal folder 6.

After the user data stored in the synchronous folder 7 is synchronized with the cloud folder 8, it is deleted as much as possible. This is to store the minimum amount of user data possible in the synchronous folder 7 of the user terminal 2. It is also to minimize the leakage of user data from the user terminal 2 and prevent the leakage of user data. When there is a change in the user data in the synchronous folder 7, this is sent to the cloud folder 8 and synchronization is established. The synchronous folder 7 is basically an encrypted storage means.

User data includes user data used on the user terminal 2, user data derived from this user data and created on the user terminal 2, newly created new user data, etc., and hereafter all of these user data will be referred to simply as "user data". Data communication between the user terminal 2 and cloud storage 3 encrypts the electronic data to be communicated and transmits and receives it between them according to a specified communication protocol.

Any communication protocol can be used, but a protocol conforming to the ISO reference model, particularly a general-purpose protocol used on the Internet such as TCP/IP, is preferred. Data communication between the user terminal 2 and cloud storage 3 is not the gist of the invention, so a detailed description thereof will be omitted. The synchronous folder 7 stores user data, and if necessary, a directory 7a can be created therein and user data can be stored in the directory 7a.

The normal folder 6 may also store user data, and if necessary, a directory 6a may be created and user data may be stored in the directory 6a. The user terminal 2 can set a schedule for each folder 8 when saving (backing up or synchronizing) the contents of the sync folder 7 to the cloud storage 3.

For example, at a predetermined time, when there is a request from the application program 10 or a service of the operating system 11, or when there is an instruction from the user, the user terminal 2 transmits the contents of the specified folder 7a or synchronous folder 7. The user terminal 2 can transmit the difference between the contents of the synchronous folder 7 or folder 7a transmitted previously to the cloud storage 3 to synchronize the difference.

The user terminal 2 is a general-purpose electronic computer equipped with a central processing means, a main memory means, an auxiliary memory means, an input means, an output means, a bus connecting these means to each other and transmitting data, etc. The main memory means is the electronic computer's RAM (Random Access Memory), which is a volatile memory. Examples of the auxiliary memory means 5 include a HDD (Hard disk drive) and an SSD (Solid state drive).

In the present invention, the electronic computer and its hardware configuration are not the gist of the invention, so a detailed description will be omitted. The auxiliary storage device 5 stores the code of the operating system 11 (hereinafter simply referred to as the operating system 11), the code of the application program 10 (hereinafter simply referred to as the application program 10), and electronic data such as user data.

The application program 10 is usually called from the operating system 11, loaded into the main memory means, and runs. User files that are open and being worked on by the application program 10 are also loaded into the main memory means. The user terminal 2 is equipped with many interfaces for connecting hardware means such as a network card 17 (see Figure 3), but as interfaces are not the gist of the present invention, detailed explanations of these will be omitted.

As shown in FIG. 2, an operating system 11 runs on a user terminal 2, and an application program 10 runs on a platform provided by the operating system 11. The user terminal 2 is equipped with devices 12 such as input/output means and an auxiliary storage device 5. The user terminal 2 is equipped with a device driver 13 for controlling the device 12. The device driver 13 is software for controlling the device 12, and is located between the operating system 11 and the device 12, transmitting and receiving data between them.

The device driver 13 is located between the input/output function (I/O function) of the operating system 11 and the device 12, and controls the sending and receiving of data between the I/O function of the operating system 11 and the device 12, and the sending and receiving of data between the application program 10 and the device 12 via the I/O function of the operating system 11. The operating system 11 uses the I/O function to control the device 12 via the device driver 13.

In other words, the operating system 11 controls the device 12 with the device driver 13 via its input/output function (I/O function). The I/O function exposes a specific function as part of the operating system 11, allowing the application program 10 and the like to use this to access the device 12, and the device driver 13 uses this to send and receive data.

Basically, a device driver 13 exists for each device 12, but for standardized devices 12 such as those conforming to the USB standard, it is possible for one device driver 13 to control multiple devices 12. There are device drivers 13 provided together with the operating system 11 and device drivers 13 provided separately from the operating system 11.

The device driver 13 is installed and operates in the user terminal 2. When the device 12 is connected to the user terminal 2, when the device 12 connected to the user terminal 2 is used, when the user terminal 2 receives an instruction from the user or the application program 10, etc., the device driver 13 is installed in the user terminal 2. A virtual device such as a RAM disk realized in software is controlled by a device driver for that virtual device and is used in the same way as the device 12, so in this embodiment, the virtual device is treated as a type of device 12.

The file system driver 14 is a type of device driver 13, and serves as a gateway for the input/output functions (I/O functions) of the operating system 11 with respect to the auxiliary storage device 5, and controls the auxiliary storage device 5. The operating system 11 has a kernel mode 15 in which all commands provided by the operating system 11 can be executed, and a user mode 16 in which some commands are restricted.

The device driver 13 runs in kernel mode 15. The file system driver 14 runs in kernel mode 15. The application program 10 runs in user mode 16. Some application programs 10 run in kernel mode 15, but these are limited to special programs such as programs that directly access system resources.

General-purpose application programs, particularly object-oriented application programs, basically run in user mode 16, and when accessing kernel mode 15, they utilize functions such as input/output functions provided by the operating system 11. In the present invention, the input/output functions of the operating system 11 and the device drivers 13 are controlled by a control program 9 located between the operating system 11 and the device drivers 13. The configuration and functions of the control program 9 will be described in detail later.

The operating system 11 is software that provides basic functions such as input functions from input means such as keyboard input and mouse input, output functions from output means such as screen output, the function of writing data to storage means, the function of reading data from storage means, and memory management functions, and operates and manages the entire user terminal 2. The operating system 11 is also called basic software. The operating system 11 is composed of many executable programs to realize the functions it provides.

Here, we will describe the most representative components of the operating system 11. The operating system 11 is composed of a kernel, an executive, a subsystem, a Hardware Abstraction Layer (HAL), a device driver 12, etc. The executive provides the basic services of the operating system 11, such as memory management, process and thread management, security, I/O (input/output), networking, and inter-process communication.

The device driver 13 is created for each device 12 connected to the user terminal 2, and directly controls the device 12 via HAL. The device driver 13 provides a service for converting input/output function requests (I/O call requests) from the application program 10 or the operating system 11 into input/output function requests (I/O requests) for a specific device 12, and provides system services such as a file system and network drivers.

HAL is a code layer that separates and abstracts the kernel 40, device drivers 13, and executive from platform-specific hardware functions. HAL absorbs differences due to the model and type of hardware, such as the built-in devices of the user terminal 2 and the external devices connected to the user terminal 2, and provides abstracted services for each service of the operating system 11.

As a result, the various services that make up the operating system 11 are able to access hardware without being aware of differences in the model or type of hardware. In other words, HAL is a component of the operating system 11 that absorbs and abstracts the hardware-dependent parts. As above, we have explained the representative configuration and functions of the operating system 11, but for more details, please refer to related books, web sources, etc. and we will omit details here.

Typical file systems include FAT32, NTFS, exFAT, etc., but are not limited to these and any file system recognized by the operating system 11 can be used. In this embodiment, the device driver 13 is described as being attached to the operating system 11.

The file system driver 14 manages information about files and folders stored in the auxiliary storage device 5, and provides access to files and folders stored in the auxiliary storage device 5. In this example, the file system driver 14 provides access to storage means that are connected to the user terminal 2 and comply with standards such as IDE (Integrated Drive Electronics), ATA (Advanced Technology Attachment), SATA (Serial ATA), SCSI (Small Computer System Interface), USB (Universal Serial Bus), and derived standards. Since the hardware standards are not the gist of the present invention, detailed explanations will be left to the specification documents of each standard, and further explanation will be omitted.

[Control Program 9]
The control program 9 is for implementing data transmission and reception between device drivers 13 in kernel mode 15. When data is transferred between device drivers 13 in kernel mode 15, data transfer can be performed at high speed and data security can be ensured. This has the advantage of allowing large volumes of data to be transferred at high speed in a short period of time.

The control program 9 provides a common interface when the application program 10 accesses the device driver 13 and when the device driver 13 sends data to the application program 10. The control program 9 runs in the kernel mode 15 of the operating system 11. The control program 9 has the function of providing and controlling the sending and receiving of data not only between device drivers 13 but also between the operating system 11 and the device driver 13.

The control program 9 receives commands and/or data output from the application program 10. It analyzes this and controls the device driver 13 to execute commands or change and control them. The control program 9 sends the results of executing these commands and/or the received data received from the device driver 13 to the application program 10. The control program 9 communicates with the add-in unit 22 to send and receive data to and control the application program 10.

For example, it receives data related to the operation of application program 10 from add-in section 22 and sends commands for application program 10 to add-in section 22. Control program 9 is a well-known technology proposed by the applicant as an interface driver program for a computer, disclosed in, for example, WO02/091195, and is included in the present invention. Therefore, the functions of control program 9 necessary for the present invention will be described below, and a detailed explanation will be omitted.

Figure 3 shows an example of the configuration of a user terminal 2. The user terminal 2 is equipped with devices 12 such as a connector 18, a network card 17, a mouse (not shown), a keyboard (not shown), a display (not shown), a USB port 19, and an auxiliary storage device 5. A network driver 23 is a device driver 13 for controlling the network card 17. An interface driver 24 is a device driver 13 for controlling the connector 18.

The connector 18 is for connecting various external devices 20, and examples include serial ports such as SATA, RS-232C, IrDA, USB, and IEEE 1394 for connecting to peripheral devices, and parallel ports such as IEEE 1284, SCSI, and IDE. For example, peripheral devices such as scanners and printers are connected to the connector 18. The USB port 19 is a type of connector 18 that is widely used, and general-purpose electronic computers often have one or more USB ports 19.

It is common to connect a mouse, keyboard, printer, scanner, wireless communication device, flash memory 21, etc. to the USB port 19, and in this embodiment, the connector 18 and the USB port 19 are basically treated as synonyms. A flash memory 21, mouse (not shown), keyboard (not shown), etc. are connected to the USB port 19.

In this embodiment, the description will be given taking only one auxiliary storage device 5 as an example, but this is not limiting. The user terminal 2 in this embodiment has multiple auxiliary storage devices 5, including virtual auxiliary storage devices, RAM disks, etc. The auxiliary storage devices 5 store an operating system 11, program code necessary for the operation of the user terminal 2, various application programs 10, source code for modules, etc. The auxiliary storage devices 5 store user data.

User data includes, but is not limited to, text files, still image files, video files, audio files, document files of various formats (Word, pdf, etc.), program code files, executable files (.exe files), communication history, operation history of application programs, backup files of the operating system or application programs, various temporary files (tmp files, etc.), memory contents, and other files of any format, as well as backup files of these.

User data is also broadly interpreted to include data that requires data management, such as encryption/decryption codes, identification numbers, PIN numbers, personal information, customer data, business know-how, information related to confidential data, documents thereof, etc. User data is stored in the auxiliary storage device 5 either encrypted or unencrypted, as required by the user's request, the specifications or requirements of the application program 10, etc.

The add-in unit 22 shown in Figures 2 and 3 is a module or program added to the application program 10 to add or expand functions. In other words, the add-in unit 22 is incorporated into the application program 10 as an add-in function, and is located between the application program 10 and the operating system 11 to mediate and control the transmission and reception of commands and data between them.

The add-in unit 22 has a function of, for example, monitoring the startup of the application program 10 and the startup of the processes associated with it, and acquiring attribute information on these. The add-in unit 22 operates in the user mode 16. The application program 10 operating on the user terminal 2 displays user data on a display and performs processes such as editing and calculating the data. The application program 10 uses the functions provided by the operating system 11. For example, it inputs and outputs user data from an input/output device of the user terminal 2.

The application program 10 is an executable file or software that operates in the kernel mode 15 or user mode 16 of the operating system 11. In this embodiment, an application program 10 that operates in the user mode 16 is exemplified, but is not limited to this. For example, the application program 10 is software for creating and editing documents, such as word processing software, a text editor, or software for viewing, creating, and editing files in a specific format, such as PDF files.

[Control Program 9]
3, the control program 9 has an interface unit 31 for receiving commands, data, etc. from the application program 10 and transmitting data to the application program 10. The control program 9 also has a control unit 32 for controlling the overall operation of the control program 9 and a log acquisition unit 33 for acquiring the operation history of the control program 9.

The control program 9 has an encryption unit 34 for encrypting data, and a decryption unit 35 for decrypting the encrypted data. The control program 9 has a device driver control unit 36 for controlling the device driver 13. A device driver control unit 36 is created for each device driver 13. If multiple device drivers 13 have a common function, one device driver control unit 36 can control multiple device drivers 13.

The control unit 32 is the core of the control program 9, and controls and monitors other parts of the control program 9, such as the device driver control unit 36, interface unit 31, log acquisition unit 33, encryption unit 34, and decryption unit 35. The device driver control unit 36 is made up of control units for controlling each device driver 13. For example, it includes a network control unit 38 for controlling the network driver 23, and a file system control unit 37 for controlling the file system driver 14.

The control program 9 has an interface unit 31 for receiving commands and/or data output from the application program 10 and transmitting the execution results of these commands and/or received data received from the device driver 13 to the application program 10. The interface unit 31 communicates with the add-in unit 22 to send and receive data to and from the application program 10, and can control it.

For example, the interface unit 31 receives data related to the operation of the application program 10 from the add-in unit 22, and transmits commands for the application program 10 to the add-in unit 22. The control program 9 also receives commands and/or data from the application program 10. The control program 9 has a device driver control unit 36 for transmitting these commands and/or data to the device driver 13, and receiving the execution results of these commands and/or received data from the device driver 13.

The control program 9 further has a control unit 32 for processing these commands and/or data, generating output data, and controlling the data. The encryption unit 34 encrypts data to create encrypted data, and the decryption unit 35 decrypts the encrypted data to create the original data. The log acquisition unit 33, in particular, acquires and stores the history of the operation of the control unit 32. Each control unit of the device driver control unit 36 is controlled by the control unit 32 or receives commands or data from the control unit 32 and transmits or transfers them to the device driver 13.

The device driver control unit 36 receives data as a result of executing the above-mentioned commands from the device driver 13 and transmits it to the control unit 32. In this way, the control program 9 controls the user terminal 2, and is in particular the core unit that controls the operation of each device 12 of the user terminal 2. The add-in unit 22 operates in conjunction with the control program 9, transmits communication data acquired in the user mode 16 to the control program 9, and controls communication between the application program 10 and the operating system 11 at the instruction of the control program 9.

Figure 4 is a block diagram for explaining the control when saving user data. In the user terminal 2, user data files (hereinafter also referred to as user files) stored in the normal folder 6 and synchronous folder 7 are read, viewed, edited, and saved by the application program 10. At this time, the control program 9 operates in two control states on the user terminal 2, with the control mode ON and OFF. The operation of reading the user file is indicated by a solid arrow, and the operation of saving is indicated by a dashed arrow.

When reading and writing user files, the control mode state is shown on the side of the arrow with ON and OFF, with a circle "O" indicating that the operation is possible and permitted, and a cross "X" indicating that the operation is not permitted. The operations of reading and writing user files are controlled by the control program 9, which allows or disallows the operations. User files stored in the synchronous folder 7 can be read and viewed by the application program 10 only when the control mode of the control program 9 is ON.

Therefore, the user files stored in the synchronous folder 7 can be edited only when the control mode of the control program 9 is ON. After being edited, the user files stored in the synchronous folder 7 can be saved in the synchronous folder 7, but cannot be saved in the normal folder 6. For example, file AA stored in the synchronous folder 7 is read by the application program 10 and expanded on the main memory device 25 of the user terminal 2 for viewing and editing.

This is shown as file aa being edited. File aa can be saved by overwriting file AA or saved under a different name in synchronous folder 7, but cannot be saved in normal folder 6 like file AA'. File aa can be viewed and edited, and then saved by overwriting or saved under a different name in synchronous folder 7. File aa can also be viewed, and then saved by overwriting or saved under a different name in synchronous folder 7 without being edited.

User files stored in normal folder 6 can be read and viewed whether the control mode of control program 9 is ON or OFF. Specifically, file BB stored in normal folder 6 is read by application program 10. When file BB is read, it is expanded on the main memory device 25 of user terminal 2 and viewed, which is illustrated as file bb. The read operation of file BB is permitted whether the control mode is ON or OFF.

The operation of writing file bb to normal folder 6 is permitted whether control mode is ON or OFF. The operation of writing file bb to synchronous folder 7 is permitted when control mode is ON, but not when control mode is OFF. When control mode is ON, file bb is written to synchronous folder 7, and this written user file is illustrated as file BB'.

When control mode is OFF, synchronized folder 7 cannot be accessed, so file bb cannot be written to synchronized folder 7, and can only be saved over or with a different name in normal folder 6. File aa can only be copied and saved over in synchronized folder 7, but file bb can be saved under a different name in synchronized folder 7 and normal folder 6 when control mode is ON, and can only be saved over or with a different name in normal folder 6 when control mode is OFF.

Figure 5 is a flowchart showing an outline of the operation of the user terminal 2 of the electronic data management system 1 according to the first embodiment of the present invention. First, the user terminal 2 is turned on and put into operation (step 1). The operating system 11 starts up on the user terminal 2, performs initial processing, and user authentication is also performed, creating an environment in which the software can operate (step 2). Then, the control program 9 starts up (step 3). When the control program 9 starts up, initialization processing is performed, and the control mode in which the control program 9 operates is set or confirmed (step 4).

The control program 9 has a control mode for controlling the user terminal 2 according to predetermined conditions. When the control program 9 operates in a control mode for controlling the user terminal 2 according to predetermined conditions, such as conditions described in the control list 100 (see FIG. 6), the control mode is said to be ON. When the control program 9 operates in a control mode in which it only monitors the user terminal 2 and does not specifically control the user terminal 2, the control mode is said to be OFF.

When the control mode is ON, the control program 9 controls the user files used in the user terminal 2 and the operations for doing so in accordance with predetermined conditions. For example, the control program 9 controls whether or not to permit operations such as accessing a user file with the application program 10, saving, duplicating, or moving a user file to the auxiliary storage device 5, copying and pasting a user file being viewed or edited, sending a user file by email, and copying or moving a user file to another auxiliary storage device.

Similar controls can be used when creating derived data using a user file, or when creating a new user file. These controls can be set individually by the application program 10, the operating system 11 services, the user, etc. These controls can also be set for each user file. If you wish to perform work with the control mode turned OFF, turn the control mode setting OFF in the control program 9 settings, proceed to the next step 9, and prepare to use the user terminal 2 (step 4 → step 5).

When turning on the control mode, first the control mode is set to ON and the control program 9 is initialized (step 4 → step 6, step 7). Then, the exclusion setting is performed (step 8). When the control mode of the control program 9 is ON, the initialization, various settings, and exclusion setting are performed, for example, as follows. When turning on the control mode, the control program 9 checks the auxiliary storage device 5 built into and connected to the user terminal 2, and checks the normal folder 6 and synchronous folder 7.

This check is performed by checking whether the synchronous folder 7 is included among the auxiliary storage devices 5 recognized by the operating system 11. The synchronous folder 7 is a folder to be controlled, which is set in advance and saved in a setting folder of the control program 9 or the like. Writing to the auxiliary storage device 5 is set to be prohibited. At this time, writing is prohibited for storage means such as a flash memory 21, a removable drive, a flexible disk drive, and an external auxiliary storage device built into or external to the user terminal 2.

In other words, it restricts the storage of user files without permission in storage means that can take out user files from the user terminal 2. When the control mode is ON, the synchronized folder 7 is not set to prohibit write operations. In addition, folders in the auxiliary storage device 5 in which the operating system 11 is installed or which are essential for its operation are not subject to access restrictions such as prohibition of write operations. The control program 9 sets the communication port for communicating with the network 4.

The communication port referred to here is a port defined by a communication protocol such as TCP/IP, and is the port number of the user terminal 2 and/or the communication partner that communicates with the user terminal 2. It is set with a port number such as "25" or "587". With this setting, only the communication ports necessary for the user terminal 2 to communicate with the network 4 are permitted to be used, and unnecessary ports are set to communication prohibited.

These settings are either based on the basic settings of the control program 9 or can be selected by the user, administrator, etc., and can be selected by the user when the control program 9 is installed or when the control mode is turned ON. The control program 9 prohibits copy and paste, use of the clipboard, and use of screen capture. However, if the user, administrator, etc., wants to use all or some of these functions, they do not prohibit them.

Finally, the control program 9 specifies the processes necessary for the normal operation of the operating system 11 and sets exceptions. For example, it enables system processes and the like necessary for the operation of the operating system 11. These settings do not necessarily have to be made in this order, and the order and combination can be freely changed according to the situation. Once these settings are complete, the control program 9 sets up the synchronized folder 7.

When setting up the sync folder 7, for example, the main disk to be used as the working drive is selected and set, and the path setting to the cloud storage 3 is set to the sync folder 7 or a folder within it. When this path is accessed, the actual data is downloaded from the cloud storage 3 and stored in the sync folder 7. In this way, when setting up the sync folder 7, settings are made to map the sync folder 7 to the cloud storage 3.

In addition, various settings are made when transferring (sending) user files stored in the sync folder 7 to the cloud storage 3. For example, settings are made for the encryption key used to encrypt the user files, the timing of transfer (specific time, interval, etc.), communication speed, priority, etc., and the administrator can select these settings as necessary. With these settings, use of the user terminal 2 begins (step 9).

When a user uses the user terminal 2, the main function of the control program 9 runs in kernel mode 15 of the operating system 11 and is fast, so the user can work without being aware of the operation of the control program 9. The user is restricted when operations are not permitted due to restrictions imposed by the settings in the control mode, a warning of operation restrictions is displayed, or a decision by the user or administrator is required. In particular, when copying or moving a user file to an unauthorized folder or writing to an external medium, the control program 9 will not permit that operation.

The user operates the user terminal 2 to open, view, edit, or create a new user file (step 10). The control program 9 monitors whether the operation of the user terminal 2 complies with the control conditions specified in the control mode, and if it does not, it issues a warning to the user or temporarily suspends the operation of the user terminal 2 and waits for the user's decision, and waits for the user or administrator's operation (steps 11, 12).

Figure 6 shows an example of a control list 100 in the form of a table. The first column 101 of this table shows the list number, the second column 102 shows the file name, the third column 103 shows the process name, the fourth column 104 shows the process ID (also called "PID"), the fifth column 105 shows the file path, and the sixth column shows the file operation. Files to be controlled, which are files that need to be controlled by the control program 9, processes, etc. are registered in this control list 100, and various conditions are specified when registering them.

The file name consists of the name of the user file to be controlled (hereinafter also referred to as the controlled user file) and its extension. For example, "Worfile1.doc" is shown. A list without a file name is for control of the process only. The process name indicates the process name of the running application program 10 that is accessing the controlled user file, and the PID is the process identification number of the running application program 10.

The PID is uniquely assigned to a process that is started after the operating system 11 is running. Even if there is no process ID, it can be controlled by the name of the application program 10. The file operation specifies the type of operation to be performed on the user file to be controlled, and can specify, for example, open, write, move, and delete.

In the example in Figure 6, the type of file operation is specified in Roman letters such as "RO", but it can be written as "R" for reading, "W" for writing, and "O" for overwriting. "RO" indicates that the file can be read, opened, and overwritten. File operations can also be expressed as numbers or words. For example, file operations can be written as English words such as "Read" for reading, "Write" for writing, and "Overwrite" for overwriting. Here, the words are in English, but they can be in other languages.

Furthermore, file operations can be expressed as numbers. For example, file operations can be written as "0" for reading, "1" for writing, "2" for opening, etc. The file path in the fifth column 105 is written from the drive name of the auxiliary storage device 5, which is stored as "C:\..." in this example. As shown in the sixth item in the list in Figure 6, the application program 10 with the process name "Application1.exe" can access the folder with the file path "c:\...folder4", and can perform the read operation specified by the file operation "R" on the "Applfile01" file.

Also, as shown in the seventh item in the list in Figure 6, the application program 10 with the process name "Application2.exe" can access the folder with the file path "c:\...folder4", and since there is no file name in the second column 102, this indicates that any file can be "RWO" read, written, and overwritten.

The synchronous folder 7 is set up in the following procedure. The synchronous folder 7 is given permission to access it, and the path of the synchronous folder 7 is registered in the control list 100, and the application programs 10, users, etc. that can access it are registered. In the case of a virtual disk, the synchronous folder 7 is assigned a specified area in the auxiliary storage device 5, and this area is formatted as a specified file system and mounted to the operating system 11.

When this virtual disk is set in the control list 100, etc., in the same way as the synchronous folder 7, it functions in the same way as the synchronous folder 7. Below, an example of the operation of the control program 9 will be explained with reference to the flowchart shown in FIG. 7. When the user terminal 2 is started, the control program 9 is installed and starts operating (steps 20, 21). If the control program 9 is installed in the user terminal 2, the control program 9 starts and starts operating after the user terminal 2 is operated. The control program 9 is basically set to start automatically.

Of course, the control program 9 can be started manually by the user or the like. The method of starting the control program 9 is set by the user depending on the usage method or the like. The control program 9 is stored in storage on the network 4, or stored on a recording medium or the like and provided to the user. If it is stored in the cloud storage 3 on the network 4, or another file server or application providing site, it can be downloaded from the user terminal 2 and installed. If it is stored on a recording medium, the user installs it from the recording medium.

In this way, the control program 9 is provided in any manner. The control program 9 is provided together with the program of the add-in unit 22, and the add-in unit 22 is installed when the control program 9 is installed. Alternatively, the add-in unit 22 can be installed at the user's instruction after the control program 9 is installed, or at the instruction of the control program 9 when the application program 10 starts to be used.

When the control program 9 starts to operate, a predetermined procedure is carried out: license authentication of the control program 9, terminal authentication of the user terminal 2, and user authentication (step 21). Once all of these authentications have been successfully completed, the user terminal 2 is ready to be used, and the control program 9 is able to monitor and control the user terminal 2. First, the control program 9 selects or confirms the mode in which it will operate. It operates with the control mode set to ON or OFF (step 22).

When the user uses the user terminal 2, the user starts a specific application program 10 and instructs the application program 10 to open a user file to view or edit it. Alternatively, the user instructs the application program 10 to create a new user file. Alternatively, when the user selects a user file to open it, the application program 10 registered in association with the extension of the user file starts, or the user specifies the application program 10.

In this way, the application program 10 starts and accesses the user file (steps 23, 24). When the application program 10 starts and begins operation, the add-in section 22 operates at the same time as the application program 10 starts and obtains access information related to the user file that the application program 10 opens (step 25). This access information includes the process ID (PID), the file path of the user file, the file name of the user file, etc.

When the application program 10 accesses a user file, control of the application program 10 is temporarily handed over to the add-in unit 22 (details will be described later). When control is handed over to the add-in unit 22, the file path and file name are notified as arguments. The add-in unit 22 obtains its own process ID to obtain the process ID. The add-in unit 22 sends the obtained access information to the control program 9.

The control program 9 analyzes the access information (step 26). This analysis is performed, for example, as in steps 27 to 35. The control program 9 analyzes the file path and determines whether it indicates any particular area of the auxiliary storage device 5 (step 27). The auxiliary storage device 5 has at least two types of areas: a control area and a normal area. The control area is an area in which electronic data, such as user files, stored therein cannot be copied or moved outside.

The control area is a restricted area into which electronic data can be copied and moved. In this example, the synchronous folder 7 is used as an example of the control area. This control area can only be accessed by the control program 9, and user files are encrypted and stored in this area. The control area contains multiple sub-areas and folders, etc., and access rights can be specified for each of them based on the user name, etc., of the user who uses the user terminal 2.

The normal area is a normal area that can be freely used by the user of the user terminal 2. The normal area is not a special area such as a folder that has a one-to-one correspondence with a cloud storage folder. For example, the user can freely use the electronic data in the normal area regardless of the control mode of the control program 9.

The normal area may contain multiple subareas and folders, and access rights may be assigned to each of them based on the user name of the user who uses the user terminal 2. If it is determined to be a control area in step 27, it is checked whether the control program 9 is operating in control mode (step 28). If it is in control mode, the control program 9 allows access to the user file without the need for additional control settings (step 29).

This access permission is sent to the add-in section 22, which receives it and returns control to the application program 10. The application program 10 reads and opens the user file, and the user file is viewed, edited, etc. (step 35). When the application program 10 edits and saves the user file in the control area, it can save it only in the control area (step 35).

If application program 10 edits and saves a user file in the control area and attempts to save it in the normal area, the save operation will result in an error and the file will not be saved. This makes it possible to prevent user files stored in the control area from leaking to the outside. If the control mode is OFF in step 28, the control mode is set to ON, and writing user files to the normal area is prohibited, and this setting is made (step 30).

As a result, access to the user file is permitted and is sent to the add-in section 22. The add-in section 22 receives the access permission and returns control to the application program 10. The application program 10 reads and opens the user file, and the file is viewed, edited, etc. (step 35). Because the user file was read from the control area, the application program 10 can edit and save the file only in the control area.

If application program 10 saves a user file in a normal area, an error occurs and the file cannot be saved because write protection is set. If the check in step 27 determines that the file is in a normal area, it checks whether control program 9 is operating in control mode (step 31). If control mode is ON, it allows the user file to be saved by overwriting (step 32).

Then, the access permission for this user file (allowing overwriting) is added to the control list 100 (step 33). The access permission for this user file is then sent to the add-in section 22, which receives it and returns control to the application program 10. The application program 10 reads and opens the user file, allowing viewing, editing, etc. to be performed (step 35).

If the control mode is OFF as a result of checking in step 31, no additional settings are made and an access permission is sent (step 34). Access to the user file is sent to the add-in section 22. The add-in section 22 receives the access permission and returns control to the application program 10. The application program 10 reads and opens the user file, allowing viewing, editing, etc. (step 35). The user file can be freely saved by overwriting in the normal area or saved under a different name.

When the application program 10 views, edits, and saves a user file, the add-in unit 22 temporarily acquires control from the application program 10 and acquires access information to the user file. The access information is passed to the control program 9, which refers to the control list 100 to check whether writing to the user file is permitted (step 36). Once the user file has been saved, the application program 10 is either terminated or the viewing and editing continues (steps 37, 38).

Figure 8 shows a flowchart illustrating an example of the procedure for the operation of the control program 9. The control unit 32 acquires an access event to a user file via the interface unit 31 (steps 50 and 51). The file system control unit 36 acquires access information to the user file (process ID, file path, file operation) (step 52). The control unit 32 acquires and analyzes the access information, and verifies whether the folder specified in the file path and the file operation, etc. match the data registered in the control list 100 (step 53).

If the access information matches the data in the control list 100, the control unit 32 issues an access permission indicating that access is permitted, and the operation on the user file is performed (step 54). This access permission and access information are sent to the file system control unit 36, which accesses the user file appropriately and returns the access result (step 58). If the user file does not match the data in the control list 100 in step 53, the control mode is checked (step 55).

If the control mode is OFF, the user file is determined to be a non-control target user file, and so overwriting the user file, etc. is permitted, and an access permission is issued (step 57). The file system control unit 36 receives this access permission, appropriate access is made to the user file, and the access result is returned (step 58). In step 55, if the control mode is ON, access to the user file is permitted or not permitted depending on the conditions.

If the user file is electronic data in the control area and access is to the normal area, access is denied. If the user file is electronic data in the normal area and access is to the control area, access is permitted and is registered in the control list 100 (step 56). If access is denied, an access denial indicating this is issued and is sent to the application program 10.

In other words, an access denial is returned to the application program 10 as a result indicating that the access was not performed (steps 56, 58). If an access is permitted, the file system control unit 36 receives this access permission, appropriately accesses the user file, and returns the access result (step 58). After returning the access result to the application program 10 in step 58, the process moves to the next step, such as monitoring and waiting for the next file access (step 59).

When the control program 9 is instructed to turn on the control mode, the control unit 32 receives this instruction and sends a command to prohibit all file access. This command is sent to the network control 38, the file system control unit 37, the interface control unit 39, etc. The network control 38, the file system control unit 37, and the interface control unit 39 receive this command and prohibit file access.

It also sets the control process, prohibits network use, prohibits clipboard use, prohibits screen capture, prohibits copy and paste functions, etc. By registering a callback function of the operating system 11 (using the kernel API), the start and end events of the process are obtained. A callback function is set for the start and end events of the process to be executed, and it is set up so that the start and end of the application program 10 can be detected.

The add-in section 22 detects the start of the application program 10. In the add-in section 22, for example, in the case of WINDOWS (registered trademark), a function called ThisAddIn_Startup event handler of the operating system can be used to monitor the opening of user files. For example, when extending a Microsoft Office application, an add-in (add-in section 22) is created using the Microsoft Office Developer Tools of Visual Studio. At this time, the ThisAddIn class of the project is used and the ThisAddIn_Startup event handler function is specified.

As a result, this function code is executed when the application program 10 loads a user file. This is used to monitor the user files that are loaded. Even in application programs 10 other than those of Microsoft, information about the user file being opened can be obtained by using the add-in function.

Alternatively, the SUSPEND mode of CreateProcess can be used. In the SUSPEND mode of CreateProcess, a process of the application program 10 is started, and the add-in unit 22 obtains the handle and process ID of this process. When a process is started in the SUSPEND mode of CreateProcess, it is put into a paused state and will not run until it is resumed. The handle is the process handle returned from CreateProcess.

The add-in unit 22 sends the acquired handle and process ID to the control unit 32. When the process is started in this way, a callback function in the file system control unit 37 is executed, and the control unit 32 is notified of the start of control. The control unit 32 acquires the handle and process ID, sends them to the file system control unit 37, and uses the process ID to refer to the management table and make settings to allow file access according to the values in the management table.

The items that are set to allow file access are the process ID, process name, file name, folder name, and file operation. The setting specified for file operation is to allow either read only (Read Only) or read/write (Read/Write). Once this series of settings is complete, the acquired handle is used to resume the process that was in suspended mode. Then, the application program 10 is run.

While the application program 10 is running, the control unit 32 waits for an end event, which is a notification issued by the operating system 11 when the application program 10 is terminated. When the application program 10 is terminated, the control unit 32 executes a callback function in the file system control unit 37 and notifies the control unit 32 of control release. The file system control unit 37 releases the control that was being performed by the control list 100 (see Figure 6), and thereafter does not control the application program 10.

Of course, when this application program 10 accesses a user file, control is resumed. In the user terminal 2, the minimum number of executable files and processes required for the operation of the operating system 11 must be allowed to run without restrictions. For example, an example of a process is System. The control process name and control directory are registered in the control list 100 (see Figure 6).

These processes are set when the operating system 11 starts up, that is, the directory of the auxiliary storage device 5 is set as the working folder. If the synchronized folder 7 exists on a drive on which the operating system 11 is not installed, the drive of the synchronized folder 7 is not set as the working drive of the operating system 11. Therefore, the control unit 32 obtains the auxiliary storage device 5 from these system processes and replaces this with access to the corresponding folder of the synchronized folder 7.

In other words, redirect. To get the process name, use the ZwQueryInformationProcess function to get the image path of the running process, and then get the process name from the file name of its executable file (which has an exe extension). To get the process ID, use the PsGetCurrentProcessId() function to get the current PID.

To obtain the file name, the file name is obtained from the file object referenced by the input/output (I/O) request (IRP) related to the file I/O request. Event detection is performed as follows. I/O requests within the kernel of the operating system 11 are made in the form of an IRP (IO Request Packet). For file access, the IRPs shown in Table 2 below are used. Event detection is performed by setting a callback function for this IRP.

The callback function is registered in the process manager of the executive, and when the callback function is executed, control is transferred to the control program 9 that is the reference destination.

Second Embodiment
A second embodiment of the present invention will now be described. The second embodiment of the present invention is basically the same as the first embodiment of the present invention described above, and only the differences will be described here. When creating a new file such as a user file in the user terminal 2, there is a method of creating a new file by using a new file creation function of the application program 10. The creation of a new file and the subsequent control performed by the control program 9 will now be described with reference to a flowchart.

Figure 9 shows a flowchart showing an example of the procedure by which the control program 9 operates when creating a new file. The following explanation is based on the assumption that the user terminal 2 is up and running and the control program 9 has started operating (steps 70, 71). The control program 9 operates with the control mode ON or OFF (step 72). The application program 10 is started (step 73), and the user operates the application program 10 to use the function for creating a new file to create a new file (step 74).

At this time, the folder in which the newly created file will be saved (the default setting for application program 10) is displayed, and the user can specify it by selecting it or changing it to an appropriate folder. When application program 10 accesses the specified folder to save the newly created file, add-in unit 22 detects this and notifies control program 10. Detection by add-in unit 22 is the same as in the first embodiment described above.

As a result, the control program 10 obtains and analyzes the file path and file name of the destination of the newly created file (steps 75, 76). The control unit 32 obtains and analyzes the access information, and compares the destination area specified in the file path, the file name, and the file operation with the data registered in the control list 100. The file operation here is the operation of saving the file, in other words, the operation of writing.

If the area in which the file is to be saved is a control area, the control list 100 (see FIG. 6) is checked to see if file operations are permitted. Examples of such permissions include whether the application program 10 is permitted to access the control area, whether the application program 10 is permitted to write new files to the control area, and whether the user is permitted to access the control area.

In some cases, for example, when the control program 9 is operating in the control mode, any application program 10 is permitted to access the control area, and a specific application program 10 is permitted to write new files. When file operations are permitted in this way, a newly created file is written to the control area, the newly created file is registered in the control list 100, and a setting to permit overwriting and saving, and a setting to prohibit moving and writing to the normal area of this newly created file are registered in the control list 100 (step 78).

This file operation is sent from the control unit 32 to the file system control unit 36, appropriate access is made to write the newly created file, the access result is returned, and the newly created file can be edited, etc. (step 83). In the confirmation of step 77, if the file operation to save the newly created file is an access to the normal area, it is confirmed whether or not the control registered in the control list 100 is necessary for the newly created file.

For example, if access to the normal area by a specific application program 10 is set as not permitted in the control list 100, this check will determine that control is necessary. Also, there are cases where the operation of accessing the normal area by a specific application program 10 or user to read data is set in the control list 100, but the operation of writing a file is set as not permitted.

When file writing operations to the normal area are set to be disallowed in this way, a message that writing to the normal area is prohibited is displayed on the display means of the user terminal 2, and the system waits until the user changes the file path and specifies an allowed file path. The file is then written to an allowed area, for example the control area, and the newly created file is registered in the control list 100. A setting to allow overwriting and a setting to prohibit moving and writing to the normal area of this newly created file are registered in the control list 100 (steps 80, 81).

At this time, the control program 9 operates with the control mode ON. These operations are sent from the control unit 32 to the file system control unit 36, and appropriate access is performed, such as an operation to write a newly created file, and the access result is returned, allowing editing of the newly created file, etc. (step 83). If control is not required in the confirmation of step 79, a write operation to the normal area is permitted, and the newly created file is written to the normal area (step 82).

This permission is sent from the control unit 32 to the file system control unit 36, appropriate access is made to write the newly created file, the access result is returned, and the newly created file can then be edited (step 83). Here, since the newly created file does not need to be controlled, there is no particular need to register it in the control list 100, and there is no particular need to change the control mode of the control program 9.

This is because access to files in the normal area is permitted whether the control mode of the control program 9 is ON or OFF. As described above, the newly created file becomes editable, and is edited by the application program 10 and displayed on the display. Then, at the user's instruction, periodically, upon termination, etc., the application program 10 overwrites and saves the newly created file being edited (step 84).

When performing this save operation, the control program 9 obtains access to save from the add-in section 22 etc., checks whether the file is a controlled file that requires control, whether the file is allowed to be overwritten, and performs the appropriate operation. The application program 10 ends when the overwrite save operation of the newly created file is completed (step 85). When the application program 10 ends, the control program 9 ends its monitoring, and continues monitoring other processes etc. (step 86).

Other embodiments
As described above, the first and second embodiments of the present invention have been described. Here, a modified example of the first and second embodiments of the present invention will be described. Although the folder to be controlled by the control program 9 has been described as the synchronous folder 7, other folders can be specified and controlled in the same manner.

For example, examples of folders to be controlled include a shared folder for a file server, a specific folder specified in the user terminal 2, the entire virtual disk drive of the user terminal 2 or a folder therein, the entire auxiliary storage device connected to the user terminal 2 or a folder therein, etc. Examples of shared folders or synchronized folders 7 for a file server include cloud storage (also called online storage services) such as OneDrive (trademark), Box (trademark), and Dropbox (trademark), or folders for storage services equivalent thereto.

Examples of auxiliary storage devices connected to the user terminal 2 include the flash memory 21 in FIG. 3, and HDDs and SSDs (not shown). When a user file is opened with the application program 10, a temporary file is created to temporarily store the contents of the user file. This temporary file is created in the same folder as the opened user file, or in a folder previously specified in the settings of the application program 10 or the settings of the operating system 11.

For example, in the case of a Word document, a normal temporary file is created by combining part of the file name with several numbers, and creating a file with the same extension. The contents of this temporary file consist of the edited parts of the original user file, in other words the parts that have not been saved, and when the user file being edited is saved from the application program 10, the temporary file is reflected in the original user file. When the user file is opened, the control program 9 checks the storage location of the temporary file, and can control it if necessary.

For example, the area where the temporary file is created can be an appropriate area such as a control area. When a user file is opened with the application program 10, a temporary file is created to automatically back up and temporarily store the contents of the user file. The storage location of this temporary file can often be set in the settings of the application program 10, and can be changed by the user. For example, in the case of Word, a backup file is created at regular intervals (default 10 minutes).

The extension of this backup file is "asd", and the contents being edited are saved in file paths such as the "~AppData\Roaming\Microsoft\Word\filename+string" folder for recovering unsaved user files, and the "~AppData\Roaming\Microsoft\Word" folder for recovery when the file is forcibly terminated, and so on. These locations can be accessed to use the temporary file to recover the user file being edited in cases where the user forgets to save the user file being edited and terminates the program, where the user terminates the program without saving the user file being edited due to an abnormal operation of the operating system 11 or application program 10, or where the user terminal 2 is forcibly powered off or reset, etc.

The control program 9 can check these temporary files and control their storage locations, access to them, etc. For example, when the application program 10 is terminated due to an abnormal operation without saving the user file being edited and then the application program 10 is started again, it checks the temporary files (backup files) in these setting locations and, if recovery is necessary, performs an operation to open the temporary files to recover them.

When accessing this open operation, the control program 9 identifies (or estimates) the temporary file from the temporary file or the original user file, checks it against the control list 100, and performs appropriate control. In this way, the control program 9 can specify the save destination of the temporary file and control the temporary file.

When the control program 9 opens a user file in the synchronous folder 11, it designates the folder in which the temporary file is stored as a controlled folder and adds it to the control list 100, encrypts the temporary file and stores it in the controlled folder, and prohibits the user file in the controlled folder from being copied to other folders. By setting it in this way, it is possible to control the temporary files as shown in the first and second embodiments described above.

The controlled folder is specified by its unique identification information, and this unique identification information is registered in the control list 100 and is stored in the control program 9, for example, encrypted and stored in the source code of the control program 9 or stored in the binary code of the control program 9 in a format accessible only after the control program 9 has started normally. In addition, this unique identification information is encrypted and stored in the user terminal 2, in an auxiliary storage device or mobile device connected to the user terminal 2, or in a cloud folder accessible by the user terminal 2 via the network, so that the control program 9 can access it only after it has started normally.

When the controlled folder is a folder in the user terminal 2, its unique identification information is obtained by obtaining the folder path, and this is used as the identification information. In the case of cloud storage, the location of the sync folder 8 is dynamically obtained from the information of the user account logged in to the cloud service, and this is used as the identification number. In the case of an external auxiliary storage device such as a flash memory 21, the device ID (identification number) of the device is obtained and used as the identification number. As the device ID, an identification number assigned to the device when it is manufactured, such as a vendor ID, product ID, or serial number, can be used, and an example of this is shown in FIG. 10.

The table in Figure 10 is a device list 110 showing examples of device IDs, where the first column 111 shows the number of the registered device, the vendor ID in the second column 112 shows an identification number for identifying the vendor that manufactured the device, the product ID in the third column 113 shows a product identification number indicating the type of device, etc., and the serial number in the fourth column 114 shows a unique number assigned to the device.

The device list 110 is also part of the above-mentioned control list 100, and like the control list 100, it is stored as a separate list in the user terminal 2 in a state accessible only by the control program 9. When the control program 9 controls the user terminal 2 as described in the first and second embodiments, etc., the device list 110 is checked along with the control list 100 to determine whether or not control should be permitted.

When creating a new user file on the user terminal 2, one method is to create an empty user file in the auxiliary storage device 5. In this case, the user creates an empty user file in the auxiliary storage device 5, opens it in an appropriate application program 10, edits it, and when editing is complete, saves it over the existing file. At this time, depending on the area in the auxiliary storage device 5 where the empty user file is created, it can be determined whether or not it is a user file to be controlled.

When the application program 10 opens the created empty user file, the control program 9 obtains and analyzes the file path and file name of the empty user file, and determines whether or not it can be controlled based on whether it is registered in the control list 100 and/or device list 110. When creating an empty user file, the user selects an appropriate folder in the auxiliary storage device 5 and creates the user file therein. When the control program 9 is operating in control mode ON, it can access a control area such as the synchronous folder 7, and creates an empty user file in this control area.

At this time, when writing the file name, the extension is also specified. For example, "text.txt" is specified for a text file, and "file1.doc" or "file1.docx" is specified for a Word document. The control program 9 obtains access to the control area and controls the operation of creating a user file. For example, when a user file is created in the control area, it is added to and set in the control list 100.

When the control program 9 is not operating in control mode, it cannot access the control area, so it creates an empty user file in the normal area. Even when the control program 9 is operating in control mode, it can create an empty user file in the normal area. When accessing an empty user file created in this way, double-clicking an icon with a file name will automatically start the application program associated with the extension, or the file will be opened in a specific application program specified by the user.

The operation of opening this user file is detected by the control program 9, and control is performed as described above. When the created empty user file is accessed for the first time from the application program 10, this access is detected by the control program 9, and the empty user file, in other words the user file to be edited, is added to the control list 100 according to a pre-specified procedure or at the user's discretion, and the type of control is specified.

The present invention is suitable for use in fields that require close management of electronic data. In particular, it is suitable for use in fields that demand advanced data management, such as computer leasing, the printing industry, insurance companies, retail stores, financial institutions, nuclear power-related facilities, terminals that handle personal data, and terminals that perform remote operations.

Reference Signs List 1: Electronic data management system 2: User terminal 3: Cloud storage 4: Network 5: Auxiliary storage device 6: Normal folder 7: Synchronized folder 8: Cloud folder 9: Control program 10: Application program 11: Operating system 12: Device 13: Device driver 14: File system driver 15: Kernel mode 16: User mode 17: Network card 18: Connector 19: USB port 20: External device 20
21: Flash memory 22: Add-in section 23: Network driver 24: Interface driver 25: Main memory device 31: Interface section 32: Control section 33: Log acquisition section 34: Encryption section 35: Decryption section 36: Device driver control section 37: File system control section 38: Network control 3
39...Interface control unit 39
100...Control list 110...Device list

Claims (13)

1. An electronic data management method for preventing leakage of user data when user data stored in an auxiliary storage device of an electronic computer is operated by an application program, by controlling the electronic computer with control means having: (a) a first control mode for controlling the electronic computer by permitting the operation and executing the operation in accordance with a preset control list, or by disallowing the operation and interrupting the operation in accordance with the control list, and (b) a second control mode for not controlling the operation executed by the electronic computer,
the auxiliary storage device comprises a control area which is accessible only when the control means is operating in the first control mode and in which movement or copying of stored electronic data is permitted only within its own area, and a normal area which is accessible when the control means is operating in the first control mode or the second control mode and in which movement or copying of stored electronic data to any area is permitted,
When saving a file consisting of the user data that has been read from the control area or the normal area and is being viewed or edited by the application program,
The control means obtains access information including a save operation indicating the save operation by the application program and a file path indicating a storage location from which the file is read out;
Analyzing the access information by the control means;
When the control means is operating in the first control mode,
When the file path indicates the control area, permitting the save operation to save the file in the control area and disallowing the save operation to save the file in the normal area;
When the file path indicates the normal area, permitting the save operation to save the file in the control area and registering in the control list that the file is not to be saved in the normal area, or permitting the save operation to save the file in the normal area;
When the control means is operating in the second control mode,
and permitting the save operation to save the file in the normal area because the file path indicates the normal area. 2. The electronic data management method according to claim 1,
2. The electronic data management method according to claim 1, wherein said control means comprises add-in means which is registered as a function extension in said application program in order to monitor the operation of said application program, and which acquires said access information. 3. The electronic data management method according to claim 2,
The control means operates in a kernel mode in which all commands of an operating system can be executed, and provides a common interface for communication between device drivers for directly controlling devices connected to the computer, or for communication between the device drivers and the application programs;
an interface unit for receiving first data including an instruction and/or data output from the application program, and for transmitting second data including an execution result of the instruction and/or received data received from the device driver to the application program;
a device driver control unit for transmitting third data including the command and/or the data to the device driver and receiving fourth data including an execution result of the command and/or the received data from the device driver;
a control unit for processing the first data or the fourth data, generating the second data or the third data, and controlling the first to fourth data; and
an encryption unit for encrypting data to generate encrypted data, and a decryption unit for decrypting the encrypted data to generate the original data,
the control unit acquires the access information from the add-in means via the interface unit, analyzes the access information, and permits or prohibits the save operation;
When the access is permitted, the control unit transmits the access information to the device driver control unit for execution, and transmits a result of the execution to the add-in means via the interface unit;
When the permission is not granted, the control unit transmits the permission to the add-in means via the interface unit. 4. The electronic data management method according to claim 1,
When a new file is created by the application program and the file that is the new file is saved,
The control means obtains the access information, which is composed of the save operation indicating an operation of saving the file by the application program and the file path indicating a location where the new file is to be stored;
Analyzing the access information by the control means;
When the control means is operating in the first control mode,
When the file path indicates the control area, permitting the save operation to save the file in the control area, and registering in the control list that the file is not to be saved in the normal area;
When the file path indicates the normal area, permitting the save operation to save the file in the normal area;
When the control means is operating in the second control mode,
The electronic data management method according to claim 1, further comprising permitting the save operation for saving the file in the normal area. a control means having (a) a first control mode for controlling the electronic computer by permitting the operation and executing the operation in accordance with a preset control list, or by disallowing the operation and interrupting the operation in accordance with the control list, when user data stored in an auxiliary storage device of the electronic computer is operated by an application program, and (b) a second control mode for not controlling the operation executed by the electronic computer,
2. An electronic data management device for preventing leakage of user data by controlling the electronic computer with the control means,
the auxiliary storage device comprises a control area which is accessible only when the control means is operating in the first control mode and in which movement or copying of stored electronic data is permitted only within its own area, and a normal area which is accessible when the control means is operating in the first control mode or the second control mode and in which movement or copying of stored electronic data to any area is permitted,
When saving a file consisting of the user data that has been read from the control area or the normal area and is being viewed or edited by the application program,
The control means acquires access information including a save operation indicating the save operation by the application program and a file path indicating a storage location from which the file is read out, analyzes the access information, and
When the control means is operating in the first control mode,
When the file path indicates the control area, the control means permits the save operation to save the file in the control area and does not permit the save operation to save the file in the normal area;
When the file path indicates the normal area, the control means permits the save operation to save the file in the control area and registers in the control list that the file is not to be saved in the normal area, or permits the save operation to save the file in the normal area;
When the control means is operating in the second control mode,
and because the file path indicates the normal area, the control means permits the save operation to save the file in the normal area. 6. The electronic data management device according to claim 5,
2. An electronic data management device, comprising: a computer that stores information about a program that is to be accessed by the computer; a program that is to be registered as a function extension in the application program in order to monitor the operation of the application program; 7. The electronic data management device according to claim 6,
The control means operates in a kernel mode in which all commands of an operating system can be executed, and provides a common interface for communication between device drivers for directly controlling devices connected to the computer, or for communication between the device drivers and the application programs;
an interface unit for receiving first data including an instruction and/or data output from the application program, and for transmitting second data including an execution result of the instruction and/or received data received from the device driver to the application program;
a device driver control unit for transmitting third data including the command and/or the data to the device driver and receiving fourth data including an execution result of the command and/or the received data from the device driver;
a control unit for processing the first data or the fourth data, generating the second data or the third data, and controlling the first to fourth data; and
an encryption unit for encrypting data to generate encrypted data, and a decryption unit for decrypting the encrypted data to generate the original data,
the control unit acquires the access information from the add-in means via the interface unit, analyzes the access information, and permits or prohibits the save operation;
When the access is permitted, the control unit transmits the access information to the device driver control unit for execution, and transmits a result of the execution to the add-in means via the interface unit;
When the permission is not granted, the control unit transmits the permission to the add-in means via the interface unit. 8. The electronic data management device according to claim 5,
When creating a new file in the application program and saving the file that is the new file,
The control means obtains the access information, which is composed of the save operation indicating an operation of saving the file by the application program and the file path indicating a location where the new file is to be stored;
Analyzing the access information by the control means;
When the control means is operating in the first control mode,
When the file path indicates the control area, the control means permits the save operation for saving the file in the control area, and registers in the control list that the file is not to be saved in the normal area;
When the file path indicates the normal area, the control means permits the save operation to save the file in the normal area;
When the control means is operating in the second control mode,
The electronic data management device according to claim 1, wherein the control means permits the save operation for saving the file in the normal area. a control program for causing the electronic computer to function as a control means having (a) a first control mode for controlling the electronic computer by permitting the operation and executing the operation in accordance with a preset control list, or by disallowing the operation and interrupting the operation in accordance with the control list, when user data stored in an auxiliary storage device of the electronic computer is operated by an application program, and (b) a second control mode for not controlling the operation executed by the electronic computer,
1. An electronic data management program for preventing leakage of user data by controlling and operating the electronic computer using the control program, comprising:
the auxiliary storage device comprises a control area which is accessible only when the control means is operating in the first control mode and in which movement or copying of stored electronic data is permitted only within its own area, and a normal area which is accessible when the control means is operating in the first control mode or the second control mode and in which movement or copying of stored electronic data to any area is permitted,
When saving a file consisting of the user data that has been read from the control area or the normal area and is being viewed or edited by the application program,
The control program includes:
obtaining access information including a save operation indicating the save operation by the application program and a file path indicating a storage location from which the file is read;
analyzing the access information;
When the control program is operating in the first control mode,
when the file path indicates the control area, permitting the save operation to save the file in the control area and disallowing the save operation to save the file in the normal area;
permitting the save operation to save the file in the control area when the file path indicates the normal area, and registering in the control list that the file will not be saved in the normal area, or permitting the save operation to save the file in the normal area;
When the control program is operating in the second control mode,
a step of permitting the save operation for saving the file in the normal area because the file path indicates the normal area, said program causing the electronic computer to execute said electronic data management program. 10. The electronic data management program according to claim 9,
the control program comprises an add-in section that is registered in the application program as a function extension in order to monitor the operation of the application program and causes the electronic computer to execute a step of acquiring the access information. 11. The electronic data management program according to claim 10,
The control program operates in a kernel mode in which all commands of an operating system can be executed, and provides a common interface for communication between device drivers for directly controlling devices connected to the computer, or for communication between the device drivers and the application programs,
an interface unit for receiving first data including an instruction and/or data output from the application program, and for transmitting second data including an execution result of the instruction and/or received data received from the device driver to the application program;
a device driver control unit for transmitting third data including the command and/or the data to the device driver and receiving fourth data including an execution result of the command and/or the received data from the device driver;
a control unit for processing the first data or the fourth data, generating the second data or the third data, and controlling the first to fourth data; and
an encryption unit for encrypting data to generate encrypted data, and a decryption unit for decrypting the encrypted data to generate the original data,
the control unit causes the electronic computer to execute a step of acquiring the access information from the add-in unit via the interface unit, a step of analyzing the access information, and a step of permitting or not permitting the save operation;
When the access is permitted, the control unit causes the electronic computer to execute a step of transmitting the access information to the device driver control unit for execution, and a step of transmitting a result of the execution to the add-in unit via the interface unit;
the control unit causes the computer to execute a step of transmitting, when the request is not permitted, the request not being permitted to be transmitted to the add-in unit via the interface unit. 12. The electronic data management program according to claim 9,
When a new file is created by the application program and the file that is the new file is saved,
The control program includes:
obtaining the access information, the access information comprising the save operation indicating an operation to save the file by the application program and the file path indicating a location to store the new file;
analyzing the access information;
When the control means is operating in the first control mode,
when the file path indicates the control area, permitting the save operation for saving the file in the control area, and registering in the control list that the file is not to be saved in the normal area;
permitting the save operation to save the file in the normal area when the file path indicates the normal area;
When the control means is operating in the second control mode,
2. A program for managing electronic data, comprising: a step of permitting the save operation of saving the file in the normal area on the electronic computer; A recording medium for an electronic data management program on which the electronic data management program according to any one of claims 9 to 12 is recorded.

Images