In recent years, design collaboration inside and outside companies and the globalization of OEM (Original Equipment Manufacturing) have driven the overseas expansion of development and manufacturing bases. Furthermore, the widespread use of cloud computing has narrowed the geographical gaps between bases and between an orderer and a contractor, and technical data increasingly circulates over networks. Under such circumstances, the risk of unauthorized release of valuable technical data has increased significantly. Thus, data security measures and ensuring traceability have become more important.
In particular, in manufacturing industries in which operations for placing orders with subcontractors and sub-subcontractors frequently occur, prevention of secondary leakage of design/manufacturing data from contractors is a major issue. Some services can be outsourced using cloud services. In areas such as three-dimensional CAD (Computer Aided Design), NC machining (Numerical Control machining), and medicine, however, many services requiring processing by local terminals still exist. Thus, in many cases, confidential data may be allowed to be saved on local terminals of contractors.
Since confidential data saved on a local terminal of a contractor is normally outside the control of the orderer, it is desirable to take technical preventive measures against unauthorized use or leakage. In particular, it is desirable that confidential data saved on a local terminal of a contractor become unusable after the term of the contract expires. As one such technical measure, Japanese Unexamined Patent Application Publication No. 2009-26046 (PTL 1) refers to a technique for restricting access to a storage device by filtering a read instruction or a write instruction issued to a device driver of the storage or to an input/output interface.
PTL 1 also discloses preventive measures against secondary leakage of data from an organization at a data distribution destination to a third party. An operating system and an application are installed from an execution environment construction image file dedicated to distribution data processing, and an execution environment dedicated to distribution data processing is thereby constructed on the distribution destination computer. Virtualization means provided in that computer separates this environment from the execution environment of non-distribution data.
Similarly, Japanese Unexamined Patent Application Publication No. 2009-86840 (PTL 2) discloses an information processing apparatus that includes an administrator environment and means for operating an application in it. The administrator environment includes a specific application and an operating system for data management, and is constructed so as to be separated, by virtualization means provided in the information processing apparatus, from the operating system environment accessed by a user. To operate the application, the operating system environment accessed by the user transmits input information from a keyboard or the like to the management environment and receives, in reply, display screen information from the management environment.
Commercial DRM (Digital Rights Management) products that implement an access control function inside an application program are also available. For example, RMS (Rights Management Services) by Microsoft® (NPL 1) and LiveCycle® Rights Management ES2 by Adobe® (NPL 2) are techniques in which the application itself interprets the security policies set for individual documents, including the authority to perform editing and the authority to perform printing, and restricts operations such as browsing, editing, copying, and printing.