(1) Field of the Invention:
The present invention relates to a data protection program and data protection method for protecting data, and more particularly to a data protection program and data protection method for restricting access to resources to be protected.
(2) Description of the Related Art:
Computer systems are occasionally shared among a plurality of users. When a computer system is shared among a plurality of users, it is necessary to limit the resources that can be used by each user in order to protect the data of some users from careless mistakes and unauthorized actions by other users.
Conventional computer systems receive authentication information including a user name and a password from a user, authenticate the user based on the received authentication information, and permit the authenticated user to access only those resources which the user has been authorized in advance to access. In this manner, the user is given selective access to the resources provided by the computer system. While the above authenticating process is basically carried out on a user-by-user basis, the same authenticating process may be carried out on a group-of-users basis to provide selective access and information sharing for each of such groups.
Heretofore, it has been necessary that all authenticating operations for selective access be sorted out and planned according to a top-down procedure by the system administrator. However, the top-down selective access implementation approach mentioned above is disadvantageous in that it involves a large expenditure of time and labor in the initial phase of system operation planning, because the system administrator needs to plan in advance the contents of the information to be shared among users, and each user is unable to make finer access limitation settings of his or her own will.
In view of the above shortcomings, it has been proposed to allow system users to perform more fine-grained document protection processing based on a bottom-up approach. According to one proposal, a user encrypts a file stored in a storage device with a file encryption application to prevent the file from being used by an unauthorized third party.
According to a general file encryption process, a document file prepared by a user using an application such as a document generating application, e.g., a word processing program, is stored directly in a storage device, and thereafter the document stored in the storage device is encrypted.
When document files generated using such an application are stored directly in a storage device, the document files are temporarily left unprotected in the storage device. In order to mitigate the unprotected state of the stored document files, there has been considered a process for monitoring access to a storage device in a computer system used by users, and automatically encrypting a document file while or immediately after the document file is stored in the storage device.
According to the above process, if a storage destination (e.g., a directory) for a document file is to be encrypted, then the document file is encrypted using an encryption key associated with the storage destination without user awareness of encryption. The encrypted document file is decrypted when it is read from the storage destination. The document file is encrypted and decrypted only while the mechanism for monitoring access to the storage destination is in operation. The encrypted document files are protected from unauthorized use by operating the access monitoring mechanism only while a particular application is in an activated state.
However, if the access monitoring mechanism automatically encrypts and decrypts document files, then it is possible for a malicious third party to read encrypted document files during operation of the access monitoring mechanism. Specifically, while an application A which has activated the access monitoring mechanism is accessing the storage destination, an application B can also access the storage destination and read a decrypted document file.
Even if the application A acts to limit the user access, insofar as the access monitoring mechanism has been activated under the control of the application A, an encrypted document file can be read from the storage destination based on a copy request or the like from the application B. At this time, the document file read by the application B is also decrypted by the access monitoring mechanism. Thus, there arises a problem that a third party can fetch decrypted information from the storage destination.
This allows fraudulent operations in which a user with an access right activates the access monitoring mechanism with the application A and reads a document file using the other application B. For example, even if the application A imposes an access restriction permitting only the registration of data, a user who is allowed to use the application A can easily read data using the application B through such a fraudulent operation.
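The weakness described above, modelled as an added example that is not part of the patent text: a monitor that holds a per-destination key, encrypts on write and decrypts on read while an activating application keeps it running. With `bind_to_activator=False` it behaves as the text describes and decrypts for any caller (application B included); with `bind_to_activator=True` it hands non-activating applications only the stored ciphertext, which is one assumed mitigation, not the invention's. The SHA-256 counter keystream, the key and the file contents are constructed stand-ins, not a recommended cipher.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

def keystream(key: bytes, length: int) -> bytes:
    # Toy counter-mode keystream derived with SHA-256 (constructed stand-in for a real cipher)
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor_crypt(key: bytes, data: bytes) -> bytes:
    # Symmetric: the same call encrypts and decrypts
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

@dataclass
class AccessMonitor:
    """Models the access monitoring mechanism: a storage destination with its
    own key, encrypting on write and decrypting on read while activated."""
    dest_key: bytes
    bind_to_activator: bool                # False = behaviour described in the text
    storage: Dict[str, bytes] = field(default_factory=dict)
    activator: Optional[str] = None        # application that activated the monitor

    def activate(self, app: str) -> None:
        self.activator = app

    def write(self, app: str, name: str, plaintext: bytes) -> None:
        # Encrypted with the destination key, without the writer being aware of it
        self.storage[name] = xor_crypt(self.dest_key, plaintext)

    def read(self, app: str, name: str) -> bytes:
        stored = self.storage[name]
        if self.activator is None:
            return stored                  # monitor inactive: ciphertext only
        if self.bind_to_activator and app != self.activator:
            return stored                  # assumed mitigation: other apps see ciphertext
        return xor_crypt(self.dest_key, stored)   # text's behaviour: any caller gets plaintext

def demo(bind: bool) -> Tuple[bytes, bytes]:
    """Returns what application A and application B each read back."""
    mon = AccessMonitor(dest_key=b"constructed-destination-key", bind_to_activator=bind)
    mon.activate("application A")
    mon.write("application A", "report.doc", b"confidential")        # constructed file
    return (mon.read("application A", "report.doc"),
            mon.read("application B", "report.doc"))
```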