The present invention relates to a file management system, a file management apparatus, and a file management method for managing files accumulated in a hard disk, etc. of a personal computer; a program storage medium storing a program of an application for use in a file management system; and a program storage medium storing a program for allowing a computer to perform each function of a file management apparatus.
Conventionally, the contents of files accumulated in a hard disk of a personal computer can be displayed on a display unit, and the files can be copied to a floppy disk of another disk drive. Described below is a system including a personal computer and a file accumulation device.
FIG. 16 is a block diagram of a display connected to the conventional file management system, an application for access to the system, and a display connected to the system. FIGS. 17 and 18 are flow charts of the operations of the conventional file management apparatus in a conventional file management system, and the operation of an application.
Before explaining the operation of the conventional system and application, the predetermined condition is described below. The predetermined condition is that a third accumulation device 4 has already accumulated three files, that is, files L, M, and N. Each of the files L, M, and N is designed to include the information about an access right and the data of the contents of each file as shown in FIG. 16. An access right refers to a right of a user to read a target file from, or write the target file to a conventional file management apparatus 8. When there are a plurality of users, the information about an access right is set for each of the users. However, for convenience of explanation, it is assumed that there is one user, that an access right to the files,L and N is assigned to the user xe2x80x98Existing(YES)xe2x80x99, and that an access right to the file M is not assigned to the user xe2x80x98Not existing(NO)xe2x80x99. The data of the contents of, for example, the files M and N, can contain permission information indicating whether or not displaying the contents on a display 9 and copying the contents to a fourth accumulation device 5 are permissible. In addition, the data of the contents are encrypted. An application E 38 is a program having the function of displaying the contents of the files on the display 9. An application. F 39 is a program having the function of copying the files accumulated in the third accumulation device 4 to the fourth accumulation device 5.
Under the above described condition, the user is assumed to start the conventional system and application E 38. First, the user inputs the u name and the password of the user to the conventional file management apparatus 8 of a personal computer 37 using the keyboard connected to the personal computer 37. The keyboard is not shown in FIG. 16. Then, the conventional file management apparatus 8 confirms the name and the password of the user. If the name and the password have preliminary been registered, then the user is authenticated. (step 1 shown in FIG. 17). On the other hand, if the user name and/or password has not preliminary been registered, then the user is judged to be not authenticated, there by terminating the process (step 1 shown in FIG. 17). For convenience of explanation, it is assumed that the user has been. authenticated.
Then, the user instructs the application E 38 through the keyboard to request the conventional file management apparatus B to display on the display 9 the contents of any of the files accumulated in the third accumulation device 4. In this example, for convenience of explanation, it is assumed that an instruction to display the contents of the file N on the display 9 has been issued. The application E 38 issues an access request to the conventional file management apparatus 8 through an interface 6 (step 11 shown in FIG. 17). The conventional file management apparatus 8 receives the access request (step 2 shown in FIG. 17), reads the information about the access right to the file N of the third accumulation device 4 (step 3 shown in FIG. 17), and confirms the existence of the access right (step.4 shown in FIG. 17). As described above, since the information about the access right to the file N indicates xe2x80x98Existing(YES)xe2x80x99, that is, since the permission information that the user has the right to read and write the file N from and to the conventional file management apparatus 8 in the system is assigned to the file N, the conventional file management apparatus 8 reads the file N and passes it to the application E 38 through the interface 6 (step 5 shown in FIG. 17). If a target file is not the file N, but the file M, then access right information indicates xe2x80x98Not existing(NO).xe2x80x99 Therefore, the conventional file management apparatus 8 does not read the file M (step 4 shown in FIG. 17).
Then, the application E 38 reads the file N from the conventional file management apparatus 8 (step 12 shown in FIG. 17), further reads the permission information about the display of the file N, and confirms whether or not the permission information matches the request of the application E 38 to display the contents of the file N on the display 9 (step 13 shown in FIG. 17). Since the permission information about the display of the file N is xe2x80x98Permissiblexe2x80x99 as shown in FIG. 16, that is, since the contents of the file N is permitted to be displayed on the display 9, the application E 38 decodes the encrypted data of the contents of the file N (step 14 shown in FIG. 17), and displays the result on the display 9 (step 15 shown in FIG. 17). However, if the permission information about the display of the file N is xe2x80x98Impermissible,xe2x80x99 then the application E 38 does not decode the encrypted data of the file N, or display the data on the display 9 (step 13 shown in FIG. 17). In addition, when the target file is not the file N, but the file L, the file L does not contain the permission information. Therefore, the application E 38 decodes the encrypted data of the file L, and displays the result on the display 9 (steps 14 and 15 shown in FIG. 17), or does not decode the encrypted data or display the contents on the display, 9.
Described below is the case in which the user uses the application F 39. In this case, for convenience of explanation, it is assumed that the user issues an instruction to copy the file N accumulated in the third, accumulation device 4 to the fourth accumulation device, 5.
Also in this case, the steps of the application F 39 up to the step of inputting and reading the file N (step 22 shown in FIG. 18) are the same as the steps of the application E 38 up to the step 12 shown in FIG. 17. In the subsequent steps, the application F 39 copies the file N to the fourth accumulation device 5 through the interface 6 and the conventional file management apparatus 8 without confirming the permission information about copying the filed N (step:23 shown in FIG. 18).
If the target file is not the file N, but the file L, then the file L is copied to the fourth accumulation device 5 as in the case of the file N (step 23 shown in FIG. 18). On the other hand, when the target file is the file M, the access right information about the file M is xe2x80x98Not existing(NO).xe2x80x99 Therefore, as in the case of the application E 38, the application F 39 does not receive the file M from the conventional file management apparatus 8.
Thus, when the application E 38 is used in the conventional file management system, a process is performed with the permission information assigned to a file taken into account. On the other hand, when the application F 39 is used, a copying process is performed without taking the permission information assigned to a file into account.
Therefore, conventionally, a file assigned the permission information, that is, even a file whose copyright should be protected can be displayed, copied, etc. That is, a file assigned the permission information can be illegally used.
In addition, when a file is not controlled in various processes such as the displaying, copying, moving, backup, and/or processing, etc., the read file is permitted to be copied, etc. As a result, a file cannot be protected against illegal access with convenience.
As described above, the present invention aims at providing a file management apparatus, a file management system including the file management apparatus, and a file management method for processing a file assigned permission information taken into account while, in the conventional file management system, there is the problem that a file assigned the permission information can be processed without consideration of the permission information.
Furthermore, the present invention also aims at providing a file management apparatus, a file management system including the file management apparatus, and a file management method f hr preventing a file whose author has the copyright, and whose copyright should be protected from being displayed, copied, moved, backup, and/or processed without permission of the author.
In addition, the present invention aims at providing a file management apparatus, a file management system including the file management apparatus, and a file management method for controlling the processes of displaying, copying, moving, backing up, and/or processing a file, and preventing illegal access with convenience of file.
One aspect of the present invention is a file management system, comprising:
an accumulation device accumulating a file to which information about process restriction on the file is added; and
a file management apparatus performing an input/output process on the file, in consideration of a request for a process from an application accessing said file management system and, according to the information about process restriction added to the file, characterized in that
said file management apparatus compares the information about process restriction added to the file in said accumulation device with request contents of a process on the file from said application, determines whether or not the process should be performed on the file, inputs the file from said accumulation device based on the result, and outputs the file to the application.
Another aspect of the present invention is the file management system characterized in that:
said file management apparatus and said application comprise authentication units;
one of the authentication units performs an authentication process with another authentication unit;
said authentication unit of said file management apparatus checks whether or not said application is authenticated;
when the application is authenticated as a result of the authentication process, said file management apparatus determines whether or not application can process the file; and
when the application is not authenticated as a result of the authentication process, said file management apparatus does not accept the request to process the file from the application.
Still another aspect of the present invention is the file management system characterized in that:
said file management apparatus and said application comprise authentication units;
one of the authentication units performs an authentication process with another authentication unit;
said authentication unit of said file management apparatus checks whether or not said application is authenticated;
when the application is authenticated as a result of the authentication process, said file management apparatus determines whether or not application can process the file; and
when the application is not authenticated as a result of the authentication process, said file management apparatus reads all or a part of the information about process restriction added to the file in said accumulation device, and determines whether or not the application can process the file according to the read information.
Yet another aspect of the present invention is a program storage medium storing a program of an application used in the file management system according to the present invention.
Still yet another aspect of the present invention is a file management apparatus, characterized by comprising:
a comparison unit comparing information about process restriction on a file in an accumulation device connected to the file management apparatus with request contents of a process on the file from the application accessing the file management apparatus; and
an input/output unit determining whether or not the file can be processed based on a comparison result of said comparison unit, and inputting the file from said accumulation device and outputting the file to the application based on the result.
A further aspect of the present invention is the file management apparatus characterized in that:
said file management apparatus comprises an authentication unit;
said authentication unit and an authentication unit of the application perform an authentication process with each other;
said authentication unit of the file management apparatus checks whether or not the application can be authenticated;
when the application is authenticated as a result of the authentication process, said comparison unit performs the comparison process, and said input/output unit determines whether or not the application can process the file; and
when the application is not authenticated as a result of the authentication process, said comparison unit does not accept the request to process the file from the application, and does not perform the comparison process.
The 7th invention of the present invention (corresponding to claim 16) is the file management apparatus according to the 5th invention, characterized in that:
said file management apparatus comprises an authentication unit;
said authentication unit and an authentication unit of the application perform an authentication process with each other;
said authentication unit of the file management apparatus checks whether or not the application can be authenticated;
when the application is authenticated as a result of the authentication process, said comparison unit performs the comparison process, and said input/output unit determines whether or not the application can process the file; and
when the application is not authenticated as a result of the authentication process, said comparison unit reads all or a part of the information about process restriction added to the file in said accumulation device, and said input/output unit determines whether or not the application can process the file according to the read information.
A yet further aspect of the present invention is a program storage medium, characterized by storing a program for directing a computer to perform all or a part of each function of each component of the file management apparatus according to the present invention.
A still yet further aspect of the present invention is a file management system, comprising plural sets of:
an accumulation device accumulating a file to which information about process restriction on the file is added; and
a file management apparatus performing an input/output process on the file in consideration of a request for a process from an application accessing said file management system according to the information about process restriction added to the file, characterized in that,
said file management apparatus encrypts and adds to the file in a corresponding accumulation device a non-rewritable identification value specific to the accumulation device for specifying the corresponding accumulation device, and reads only the file to which the identification value of the corresponding accumulation device is added.
An additional aspect of the present invention is a file management system, comprising:
a plurality of accumulation devices accumulating a file to which information about process restriction on the file is added; and
a file management apparatus performing an input/output process on the file in consideration of a request for a process from an application accessing said file management system according to the information about process restriction added to the file, characterized in that
said file management apparatus encrypts and adds to the file accumulated in each of the plurality of accumulation devices a non-rewritable identification value specific to the accumulation device for specifying a corresponding accumulation device and reads only the file accumulated in an accumulation device corresponding to an added identification value.
A still additional aspect of the present invention is a file management apparatus, characterized in that to a file in an accumulation device connected to the file management apparatus, a non-rewritable identification value specific to the accumulation device for specifying the accumulation device is encrypted and added, and only the file to which the identification value of the accumulation device is added is read.
A yet additional aspect of the present invention is a file management apparatus, characterized in that to a file accumulated in each of a plurality of accumulation devices connected to the file management apparatus, a non-rewritable identification value specific to the accumulation device for specifying the corresponding accumulation device is encrypted and added, and only the file accumulated in the accumulation device corresponding to an added identification value is read.
A still yet additional aspect of the present invention is a program storage medium storing a program for directing a computer to perform all or a part of each function of the file management apparatus.
Another aspect of the present invention is a file management method, characterized by comprising the steps of:
comparing information about process restriction on a file in an accumulation device accumulating the file to which the information about process restriction on the file is added with request contents of a process of the file from an application accessing the file management system;
determining whether or not the process can be performed on the file based on the comparison; and
inputting the file from said accumulation device based on the result, and outputting the file to the application.
Still another aspect of the present invention is a file management method, characterized by the steps of:
encrypting and adding a non-rewritable identification value specific to an accumulation device for specifying the accumulation device to a file in the accumulation device accumulating files; and
reading only the file to which the identification value of said accumulation device is added.
Yet another aspect of the present invention is a file management method, characterized by comprising the steps of:
encrypting and adding a non-rewritable identification value specific to an accumulation device for specifying the accumulation device corresponding to a file accumulated in each of a plurality of accumulation devices accumulating files; and
reading only the file accumulated in an accumulation device corresponding to an added identification value.