In companies, vast amounts of electronic files (hereinafter, referred to as files) are generated and stored in PCs (personal computers) and file servers and circulated. Those files include a huge amount of highly confidential information. For example, there are spreadsheet data that describes a price list of unreleased products, a word processor file that describes personnel information and the like, a presentation file that describes public relations materials before publication, an e-mail that describes correspondence of confidential information with regard to cooperation with other company, and the like.
However, those files are not always sufficiently managed in reality, thereby increasing the risk of information leakage in the companies. In consideration of this, as a method for solving such a problem, a mechanism in which files “protect themselves” has come to be employed. This mechanism is Digital Rights Management (DRM). DRM has originally been promoted as a mechanism where pay contents, such as movie contents and music contents, are transacted with small amounts of accounts, which is then applied in file management in companies.
In common DRM, a file creator sets access rights for the file. Then, the file and the access rights information are collectively encrypted. This operation is hereinafter referred to as “encapsulation.” Further, the access rights regulate people who can use the file and operations that the people can execute to the file. Specifically, for example, there may be read only, editable/changeable, permission for all rights, or the like.
When a user uses an encapsulated file, an encapsulation server releases encapsulation after verifying the access rights of the user and returns the file, of which encapsulation was released, to the user. Hereinafter, this release operation is referred to as “decapsulation.” A user can execute file operations according to the access rights that the user possesses.
It should be noted that, to utilize the above-described common DRM, a user terminal should embed a DRM function for executing the DRM. If the DRM function is not embedded, the user terminal cannot use the files under the management of the DRM.
However, with recent development of cloud environment, there is increasing demand for using the files managed by DRM even from terminals that do not have a DRM function. For example, establishment of a method that enables encapsulation and decapsulation of files from terminals that do not have a DRM function, such as smartphones, tablet PCs, and public computers, is desired.
Various techniques for solving this problem has been considered. The method of encapsulating files is disclosed, for example, in PTL 1. In this method, the encapsulation server substitutionally performs encapsulation in response to a request from a user terminal. When a user terminal transmits an original file and access rights information, as a set, to the encapsulation server, the encapsulation server generates and returns an encapsulated file, whereby the user terminal can receive the encapsulated file. Although PTL 1 does not have a presupposition of a user terminal without a DRM function, by applying this technique, encapsulation is made possible from a user terminal without a DRM function.
Whereas, for decapsulation, for example, PTL 2 discloses a method of using an encapsulated file in a terminal that does not have a DRM function. Using this technique, an encapsulated file can be read even from a terminal without a DRM function. The process is as follows:
1) First, a user transmits an encapsulated file and the user's access rights information to the encapsulation server.
2) The encapsulation server checks whether the user has the access rights.
3) If the access rights are confirmed, the encapsulation is released and the inside file is converted to a format viewable for the user. This format is read only, where operations, such as copying, pasting, printing, changing, and image capturing, cannot be performed at all. This format allows only reading even for users who have higher authorization than reading, such as editing. It should be noted that if the access rights are not confirmed, the request is rejected and the encapsulation is not released.
As described above, according to PTL 1 and PTL 2, encapsulation of a file and reading of an encapsulated file under DRM is possible even using a terminal without a DRM function.
Further, PTL 3 and PTL 4 also disclose relevant techniques.