摘要:
A computer-readable recording medium storing an access rights management program which is capable of safely managing the use of an electronic document with ease and efficiency. An access policy-storing device stores a first access policy containing information on a first distributee to which the electronic document is distributed, and information on second distributees, which is indicative of a range within which the first distributes is permitted to distribute the electronic document, as well as information on use rights that permit the second distributees to use the electronic document with a defined scope of authority. A storage device stores a distribution target indicative of the second distributees. When a distributes specifying request for permission to grant the use rights to a specific distributes is received from the first distributee, an access policy-confirming device refers to the distribution target to confirm whether or not the specific distributes is included in the second distributees. A registration device registers a second access policy associating the specific distributes with the information on the use rights, in said access policy-storing device. A use rights-confirming device refers to the second access policy to thereby permit the specific distributes to use the electronic document using the use rights, when a use request for permission of use of the electronic document is received from the specific distributes.
摘要:
A computer program, apparatus, and method for managing access to documents, capable of identifying the exact events of document access on the basis of given access logs even when access policies are modified in the middle of operations. Upon receipt of an access policy setup request from a first client, an access policy manager adds a new access policy to the access policy database or modifies an existing access policy in an access policy database according to the request. A policy log collector then stores the records of such a new access policy or modified existing access policy in a policy log database. Afterwards an access log collector receives an access log for the document 5 from the second client 3 and saves it in the access log database 1c. When a third client issues a log request with a specific search keyword, a log searcher retrieves relevant policy log records and access log records that match with the specified search keyword.
摘要:
A first access policy is stored to provide information on a first distributee to which an electronic document is distributed, to which the first distributee is permitted to distribute the electronic document, and use rights that permit the second distributees to use the electronic document. Also stored is a distribution target information indicating the second distributees. When the first distributee requests permission to grant use rights to a specific distributee, the distribution target is consulted to confirm whether or not the specific distributee is included in the second distributees. A second access policy associating the specific distributee with the information on the use rights is then registered. When the specific distributee requests permission to use the electronic document, the second access policy is consulted to permit the specific distributee to use the electronic document.
摘要:
A computer program, apparatus, and method for managing access to documents, capable of identifying the exact events of document access on the basis of given access logs even when access policies are modified in the middle of operations. Upon receipt of an access policy setup request from a first client, an access policy manager adds a new access policy to the access policy database or modifies an existing access policy in an access policy database according to the request. A policy log collector then stores the records of such a new access policy or modified existing access policy in a policy log database. Afterwards an access log collector receives an access log for the document 5 from the second client 3 and saves it in the access log database 1c. When a third client issues a log request with a specific search keyword, a log searcher retrieves relevant policy log records and access log records that match with the specified search keyword.
摘要:
A management apparatus comprising memory to store owner information, dependence relationship information, and authorized user information are associated with file information identifying the secret file, an authorized user determination unit to determine whether a source user of the browse request is registered as the authorized user of the browse request file, a dependent file specifying unit to specify a dependent file having a dependence relationship with the browse request file by referring to the dependence relationship information when the source user is authorized; and a browse permission response transmitting unit to transmit the browse permission response to the source user based on whether or not the source user is registered as the authorized user of the dependent file by referring to the authorized user information.
摘要:
A management apparatus comprising memory to store owner information, dependence relationship information, and authorized user information are associated with file information identifying the secret file, an authorized user determination unit to determine whether a source user of the browse request is registered as the authorized user of the browse request file, a dependent file specifying unit to specify a dependent file having a dependence relationship with the browse request file by referring to the dependence relationship information when the source user is authorized; and a browse permission response transmitting unit to transmit the browse permission response to the source user based on whether or not the source user is registered as the authorized user of the dependent file by referring to the authorized user information.
摘要:
When a user works data required for allowance for the use thereof, the work processing is carried out by utilizing an exclusive work processing device. Thereafter, only the data of work information indicating what kind of working has been made to the original data (for example, differential static image data indicating a difference between the original static image required for allowance for the use and the static image after having been worked) is stored, whereby the use without permission of the data is prevented.
摘要:
A common key block encryption apparatus for performing a nonlinear transformation with a multiplication executed in a binary field or a composite field includes a computing unit to execute a computation other than the nonlinear transformation with fixed value masked input data obtained by XORing input data with a fixed mask value, an XOR operation circuit to transform all input data into fixed value masked input data by XORing the input data with a fixed mask value and to transform the data into random value masked input data by XORing the input data with a random mask value in the multiplication, a multiplier to execute a multiplication based on the random value masked input data output from the XOR operation circuit, and a random value mask-to-fixed mask value transformation circuit to again transform the random value masked output data into fixed value masked output data and to output the data.
摘要:
The first route selection device re-arrays a plurality of extended key mask values at random according to the value of a random number generated by a random number generation device. An extended key operation device generates an exclusive logical OR of a plurality of the re-arrayed extended key mask values, a data string representing extended key and an input data string. The second route selection device re-arrays the data string of the exclusive logical OR by performing a re-array conversely with the first route selection device according to the value of the random number. A non-linear conversion device applies non-linear conversion to the re-arrayed data string and outputs a data string masked by a plurality of non-linear conversion mask values. The third route selection device re-arrays the masked data string by performing the same re-array as the first route selection device according to the value of the random number.
摘要:
The first route selection device re-arrays a plurality of extended key mask values at random according to the value of a random number generated by a random number generation device. An extended key operation device generates an exclusive logical OR of a plurality of the re-arrayed extended key mask values, a data string representing extended key and an input data string. The second route selection device re-arrays the data string of the exclusive logical OR by performing a re-array conversely with the first route selection device according to the value of the random number. A non-linear conversion device applies non-linear conversion to the re-arrayed data string and outputs a data string masked by a plurality of non-linear conversion mask values. The third route selection device re-arrays the masked data string by performing the same re-array as the first route selection device according to the value of the random number.