Information security system, its server and its storage medium

US 7,633,375 B2
Filed: 05/31/2006
Issued: 12/15/2009
Est. Priority Date: 02/27/2006
Status: Active Grant

First Claim

Patent Images

1. An information security system comprising:

a portable information processing device; and

a server, whereinthe portable information processing device includes;

an identification information detection/notification unit to detect detectable identification information of identification information of the portable information processing device, identification information of a user and identification information of a place, and to notify a server of the detected information; and

a file using control unit to make an inquiry of the server if a file is a security target file when a user specifies an arbitrary file, and to control use of the specified file according to a response to the inquiry; and

the server includes;

a first storage unit to store, in advance, a using qualification in connection with each specific combination of the three types of identification information;

a second storage unit to store, in advance, a level for each file;

a using qualification determination unit to provide the using qualification corresponding to a specific combination stored in the first storage unit to the portable information processing device, if each piece of the notified identification information coincides with the specific combination; and

a using permit determination unit to determine whether to permit use of the specified file by computing a level of the specified file referring to the second storage unit when there is the inquiry and comparing the level with the using qualification given to the portable information processing device, and to reply to the file using control unit, whereinthe portable information processing device further includes a timer to monitor a time interval, andthe identification information detection/notification unit checks a using condition of the portable information processing device that represents a user and a using place of the portable information processing device by detecting most recent identification information of the portable information processing device,identification information of the user and identification information of the using place at the time interval, and notifies the server of the most recent detected identification information if the using condition changes; and

the using permit determination unitdetermines a new using qualification according to a change of the using condition based on the most recent identification information andnotifies the portable information processing device of the new using qualification if the using qualification changes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An RFID notification unit enables an RFID reader to regularly read the RFID code of an RFID tag attached to the relevant terminal itself, its user and its current location and transmits the RFID code to a server. Upon receipt of this code, the using qualification determination unit of the server determines the current using qualification of the terminal referring to a using condition storage unit. When a user attempts to open an important information file, a file using control unit issues a request to the server. A permit determination unit determines whether to permit the opening of the relevant file, based on the using qualification and the storage contents of a file/level storage unit. When the opening is permitted, the important information file is downloaded onto the terminal or its decoding key is returned.

23 Citations

View as Search Results

12 Claims

1. An information security system comprising:
- a portable information processing device; and
  
  a server, whereinthe portable information processing device includes;
  
  an identification information detection/notification unit to detect detectable identification information of identification information of the portable information processing device, identification information of a user and identification information of a place, and to notify a server of the detected information; and
  
  a file using control unit to make an inquiry of the server if a file is a security target file when a user specifies an arbitrary file, and to control use of the specified file according to a response to the inquiry; and
  
  the server includes;
  
  a first storage unit to store, in advance, a using qualification in connection with each specific combination of the three types of identification information;
  
  a second storage unit to store, in advance, a level for each file;
  
  a using qualification determination unit to provide the using qualification corresponding to a specific combination stored in the first storage unit to the portable information processing device, if each piece of the notified identification information coincides with the specific combination; and
  
  a using permit determination unit to determine whether to permit use of the specified file by computing a level of the specified file referring to the second storage unit when there is the inquiry and comparing the level with the using qualification given to the portable information processing device, and to reply to the file using control unit, whereinthe portable information processing device further includes a timer to monitor a time interval, andthe identification information detection/notification unit checks a using condition of the portable information processing device that represents a user and a using place of the portable information processing device by detecting most recent identification information of the portable information processing device,identification information of the user and identification information of the using place at the time interval, and notifies the server of the most recent detected identification information if the using condition changes; and
  
  the using permit determination unitdetermines a new using qualification according to a change of the using condition based on the most recent identification information andnotifies the portable information processing device of the new using qualification if the using qualification changes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The information security system according to claim 1, whereina using condition is further stored in the first storage unit, andif the using condition is not met even when each of the notified identification information coincides with the specific combination stored in the first storage unit, the using qualification determination unit does not provide the using qualification.
  - 3. The information security system according to claim 2, whereinthe using condition is a period or a time zone, andthe using quality determination unit determines whether the using condition is met, based on a current date/time.
  - 4. The information security system according to claim 1, whereinthe first storage unit further stores a specific file name, andif a name of the specified file does not coincide with the specific file name, the using permit determination unit does not permit use of the specified file.
  - 5. The information security system according to claim 1, whereinthe security target file is encoded and stored in the portable information processing device, andthe using permit determination unit transmits a decoding key of a file whose use is permitted to the portable information processing device.
  - 6. The information security system according to claim 1, whereinthe security target file is not stored in the portable information processing device, andwhen it is determined to permit the use, the using permit determination unit downloads a file whose use is permitted to the portable information processing device.
  - 7. The information security system according to claim 5, whereinthe server stores a hash value of each of the encoded file,if the specified file is encoded when making the inquiry of the server, a file using control unit of the portable information processing device transmits the hash value of the encoded file to the server, andif the received hash value does not coincide with the stored hash value, the using permit determination unit of the server does not permit the use of the specified file, regardless of the using qualification.
  - 8. The information security system according to claim 1, whereinthe using permit determination unit of the server determines the using qualification based on the identification information regularly notified by the identification detection/notification unit and notifies the portable information processing device of the new using qualification if the using qualification changes, andif there is a file whose use cannot permitted by the new using qualification among files in use, the file using control unit of the portable information processing device stops the use of the file.
  - 9. The information security system according to claim 1, whereinas to an external place the use of the security target file in which cannot be usually permitted, if the relevant file is registered in advance, the first storage unit stores a combination of the three types of identification information including identification information of the external place and a using qualification corresponding to the combination in order to temporarily permit the use.
  - 10. The information security system according to claim 1, whereineach type of identification information of the identification detection/notification unit is an RFID code read from an RFID tag attached to each of the portable information processing device, a user and a place.

11. A server, comprising:
- a first storage unit to store, in advance, a using qualification in connection with each combination of three types of identification information of identification information of a portable information processing device, identification information of a user and identification information of a place;
  
  a second storage unit to store, in advance, a level for each file;
  
  a using qualification determination unit to provide the using qualification corresponding to a specific combination to a notifying portable information processing device if each piece of the notified identification information corresponds to the specific combination stored in the first storage unit when the identification information is notified by any of the portable information processing devices; and
  
  a using permit determination unit to determine whether to permit use of the requested security target file by computing a level of the requested security target file referring to the second storage unit and comparing the using qualification given to a requesting portable information processing device with the computed level, when there is a use request of an arbitrary security target file from any of the portable information processing devices, whereinthe using permit determination unitdetermines the using qualification based on the identification information notified from the notifying portable information processing device when a using condition of the portable information processing device that represents a user and a using place of the portable information processing device changes andnotifies the portable information processing device of the new using qualification if the using qualification changes.

12. A computer-readable storage medium on which is recorded a program for causing a computer to perform a method when the computer executes the program, the method comprising:
- storing in a first storage unit, in advance, a using qualification in connection with each combination of three types of identification information of identification information of a portable information processing device, identification information of a user and identification information of a place;
  
  storing in a second storage unit, in advance, a level for each file;
  
  providing the using qualification corresponding to a specific combination to a notifying portable information processing device if each piece of the notified identification information corresponds to the specific combination stored in the first storage unit when the identification information is notified by any of the portable information processing devices;
  
  determining whether to permit use of the requested security target file by computing a level of the requested security target file referring to the second storage unit, and comparing the using qualification given to a requesting portable information processing device with the computed level, when there is a use request of an arbitrary security target file from any of the portable information processing devices; and
  
  notifying the notifying portable information processing device of a new using qualification if the using qualification changeswherein the providing is carried out based on the identification information notified from the notifying portable information processing device when a using condition of the portable information processing device that represents a user and a using place of the portable information processing device changes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Morita, Yuji, Oosawa, Kenji, Matsuda, Chiaki
Primary Examiner(s)
Lee; Benjamin C
Assistant Examiner(s)
Yacob; Sisay

Application Number

US11/442,981
Publication Number

US 20070204348A1
Time in Patent Office

1,294 Days
Field of Search

340/628, 340 58- 586, 340/26, 340 52- 574, 340 522- 525, 726/2, 726/26, 726/27, 705/14, 705/18, 705/67, 713/166, 713300-340, 713/182
US Class Current

340/5.74
CPC Class Codes

G06F 21/35   communicating wirelessly

H04L 63/0492   by using a location-limited...

H04L 63/107   wherein the security polici...

Information security system, its server and its storage medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Information security system, its server and its storage medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others