JP2012190241A - Method for information leakage countermeasure, computer device, program, and computer system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To appropriately take countermeasures for information leakage by determining for an operation request from a user of disclosed data that is an object of information leakage, whether it is a terminal of permitting a request or not according to a request content.SOLUTION: A control server 300 stores restriction setting data in which restriction items related to disclosed data and restriction objects that are objects of the restriction items are preliminarily associated with each other, and generates an execution program by readably associating the restriction setting data with the disclosed data. In response to an operation of the user for the disclosed data, a user terminal 20 executes the execution program, reads the restriction setting data, and restricts the user's operation for the disclosed data based on the restriction items and the restriction objects of the restriction setting data.

Description

  The present invention relates to an information leakage countermeasure method, a computer apparatus, a program, and a computer system, and more particularly to a technique that can realize information leakage countermeasures while sharing data.

  Conventionally, in information sharing and data sharing between multiple terminals, a technology has been known that makes it impossible to view texts unless a person who knows the password is given a password to the shared data. ing. By applying this technology further, a master password is provided separately from the normal password, and various information leaks such as browsing and editing the specified data can only be performed by someone who knows the master password. Countermeasures are known.

  Further, a system is known in which an authentication server is provided, and in order to browse data, in addition to the above password, the user can browse the text only by user authentication by the authentication server or token authentication such as USB (for example, patents). Reference 1). In such a system, the method and system as described above are provided in order to further increase the level of security having only a password.

JP 2010-146400 A

  However, in these technologies, for example, when an application for browsing the disclosed data is activated, the monitoring program resident in the terminal detects the activation of the application and the user discloses the application. It is confirmed whether or not the read data can be browsed, and browsing is performed or browsing is restricted. For this reason, whenever the application for browsing is changed or upgraded, it becomes necessary to update the resident monitoring program.

  Further, as a method of using the disclosed data, as described above, not only browsing and editing by starting an application but also displaying the disclosed data on a large screen (projecting on a projector) is conceivable. In such a case, the application for displaying on the large screen is not started, and the large screen display is performed by the operating system. Therefore, the monitoring program for monitoring only the application may be out of hand.

  Therefore, the present invention determines whether or not the terminal is a terminal that permits the request according to the request content in response to the request operation from the user for the data subject to the information leakage countermeasure, and appropriately releases the information leakage. An object of the present invention is to provide an information leakage countermeasure method, a computer apparatus, a program, and a computer system for countermeasures.

  The present invention provides the following solutions.

The invention according to the first feature is an information leakage countermeasure method to be executed by a computer,
A step for storing restriction setting data in which restriction items for disclosure data and restriction targets to be the target of the restriction items are associated in advance;
Associating the restriction setting data with the disclosed data so as to be readable, and generating an execution program;
Executing the execution program in response to an operation from the user with respect to the disclosed data, and reading the restriction setting data;
Restricting the user's operation on the disclosed data based on restriction items and restriction targets of the restriction setting data;
An information leakage countermeasure method for disclosed data comprising:

  According to the first aspect of the invention, the computer stores the restriction item for the disclosure data and the restriction setting data in which the restriction target that is the target of the restriction item is associated in advance. An execution program is generated in association with the data so that it can be read. Then, the execution program is executed in accordance with the user operation on the disclosed data, and the restriction setting data is read out. Further, the user's operation on the disclosed data is restricted based on the restriction item and restriction target of the restriction setting data.

  Therefore, in response to a request operation from the user for data subject to information leakage countermeasures, it is possible to determine whether or not the terminal permits the request according to the content of the request and appropriately take measures against information leakage. It becomes possible. In particular, since an execution program corresponding to the disclosed data is generated at the time of disclosure, the execution program can be executed when the user operates the disclosed data. Therefore, it is possible to appropriately monitor operations on the disclosed data.

  The invention according to the first feature exhibits the same operation and effect not only in the method in the category of the invention but also in the computer apparatus, the program, and the computer system.

  The invention according to a second feature is the invention according to the first feature, wherein the restriction target is a terminal specified by any of an IP address, a MAC address, or a terminal serial ID, and the restriction is made In the step, there is an information leakage countermeasure method for executing a restriction item for the disclosed data in the identified terminal.

  The invention according to the third feature is the invention according to the first or second feature, wherein the restriction items include browsing restriction, printing restriction, copy restriction, editing restriction, large screen display restriction, and predetermined conditions. An information leakage countermeasure method, which is at least one restriction item among a group of restriction items for deleting disclosed data.

  The invention according to the fourth feature is the invention according to the third feature, wherein the restriction item from which the disclosed data is deleted under a predetermined condition is the disclosure data or the execution program from one computer to another computer The information leakage countermeasure method is a restriction item in which the disclosed data or the execution program is deleted from the one computer that is the original storage destination when copying.

  The invention according to a fifth feature is the invention according to the first feature, wherein, in response to an operation from the user with respect to the disclosure data in the step of reading out the restriction setting data, the user browses the disclosure data. An information leakage countermeasure method is to respond to reception of a predetermined operation for request, print request, copy request, edit request, and large screen display request.

  An invention according to a sixth feature is the invention according to the first feature, wherein when there is an operation from the user to the disclosed data, an information leakage including a step of storing the operation as a log It is a countermeasure method.

  An invention according to a seventh feature is the invention according to the first feature, wherein the restriction item is executed in a terminal corresponding to the restriction target when the user operates the disclosed data. An information leakage countermeasure method including a step of storing a log indicating that the operation has been performed only when trying to do so.

  According to the present invention, in response to an operation request from a user for disclosed data that is subject to information leakage, it is determined whether or not the terminal is a terminal that permits the request, and information leakage is appropriately performed. It becomes possible to take measures.

FIG. 1 is a diagram showing an overall configuration of an information leakage countermeasure system 1. FIG. 2 is a diagram illustrating functional blocks of the disclosing person terminal 10 and the user terminal 20. FIG. 3 is a diagram illustrating an execution program generation process flow executed by the disclosing person terminal 10. FIG. 4 is a diagram illustrating a restriction process flow executed by the user terminal 20. FIG. 5 is a diagram showing a restriction setting data table. FIG. 6 is a diagram illustrating a terminal identification table. FIG. 7 is a diagram illustrating a screen image on the disclosing person terminal 10. FIG. 8 is a diagram illustrating a data configuration when an execution program is generated. FIG. 9 is a diagram illustrating an example of an icon of an execution program. FIG. 10 is a diagram showing a screen image displayed on the user terminal 20. FIG. 11 is a diagram illustrating functional blocks of the disclosing person terminal 10, the user terminal 20, and the restriction server 300. FIG. 12 is a diagram illustrating a restriction process flow executed by the user terminal 20 and the restriction server 300.

  Hereinafter, the best mode for carrying out the present invention will be described with reference to the drawings. This is merely an example, and the technical scope of the present invention is not limited to this.

[System configuration]
The system configuration of the present embodiment will be described with reference to FIG. The information leakage countermeasure system 1 includes, as an example, a discloser terminal 10, a user terminal 20 (20a, 20b), a router 50, a public line network 3, and a restriction server 300. Discloser terminal 10 and user terminal 20 may be connected to each other only via a local area network (LAN), or may be connected to each other via a local area network and public line network 3. The printer 60 and the large-screen television 70 are devices that can be used by the user terminal 20, and may be connected to the user terminal 20 via a network or may be physically connected via a dedicated cable.

[Description of each terminal]
FIG. 2 is a functional block diagram of the disclosing person terminal 10 and the user terminal 20. This will be described with reference to FIG.

  Discloser terminal 10 and user terminal 20 are, for example, a mobile phone, a portable information terminal, a computer (personal computer) 20a, a television, and a telephone, as well as a smartphone 20b, a netbook terminal, a slate terminal, an electronic book terminal, and portable music. Information home appliances used as terminals by users such as players, audio components, content playback / recording players, printers, telephones, FAX machines, copiers, scanners, MFPs (multifunctional peripheral devices, multifunction printers), digital cameras, etc. It may be.

  Discloser terminal 10 and user terminal 20 include a CPU (Central Processing Unit), a RAM (Random Access Memory), a ROM (Read Only Memory), and the like as control units, and a wired / wireless compatible communication device as a communication unit. And a storage unit includes one or both of an HDD (Hard Disk Drive) and an SSD (Solid State Drive). Further, the display unit includes a display unit such as a liquid crystal monitor that displays an image, and includes input units such as a mouse, a touch panel, and a keyboard that accept input from the user.

  Discloser terminal 10 includes restriction setting data storage means 11 and execution program generation means 12, and these means are realized by the cooperation of the above-described control unit, storage unit, communication unit, display unit, and input unit. Is done. The function of each means will be described later.

  The user terminal 20 includes restriction setting data reading means 21 and user operation restriction means 22, and these means are realized by cooperation with the above-described control unit, storage unit, communication unit, display unit, and input unit. Is done. The function of each means will be described later.

[Execution program generation processing]
FIG. 3 is a flowchart of execution program generation processing executed by the disclosing person terminal 10.

  First, the information disclosing person operates the disclosing person terminal 10, and the disclosing person terminal 10 creates disclosure data. Discloser terminal 10 stores the created disclosure data (step S10). Here, the disclosed data may be character data, image data, moving image data, audio data, or the like. Next, in response to an input from the disclosing person, the disclosing person terminal 10 generates restriction setting data by setting restriction items for countermeasures against information leakage of the disclosed data and the user terminal 20 to be restricted. Then, the generated restriction setting data is stored in the restriction setting data storage means 11 (step S11). The restriction setting data includes restriction items and restriction objects, and is, for example, the restriction setting data table in FIG.

  The restriction item will be described. When the user uses the disclosed data by performing a predetermined operation on the user terminal 20, if the disclosure causes information leakage of the disclosed data, this operation becomes the restriction item. . For example, as shown in FIG. 5, the restriction items include browsing of disclosure data, display of disclosure data on a large screen (including projector display), editing of disclosure data, printing of disclosure data, copying of disclosure data, disclosure data. Deletion, and voice output of disclosed data. A plurality of restriction items may be set in one disclosure data.

  The browsing of the disclosure data in the restriction item is to display the disclosure data on the user terminal 20 so that the user can browse. The large-screen display of the disclosed data means, for example, that the disclosed data is enlarged and displayed on the user terminal 20 or the attached large-screen television 70, a projector, or the like. The disclosure data printing means that the disclosure data is printed by the printer 60, for example. The copy of the disclosed data means copying a part or all of the disclosed data. Deletion of disclosed data means deleting part or all of disclosed data. The voice output of the disclosed data is to output part or all of the disclosed data by voice.

  The restriction target is the user terminal 20 that is the target of the restriction item. For example, the terminals A, B, and C in the terminal identification table of FIG. 6 are restricted by an IP (Internet Protocol) address, a MAC (Media Access Control) address, a SIM (Subscriber Identity Module) card ID, and a terminal serial ID. A terminal is identified.

  Next, the execution program generating means 12 of the disclosing person terminal 10 accepts an operation for associating the disclosing data with the restriction setting data from the disclosing person (step S12). When an operation for associating the disclosed data with the restriction setting data is received from the disclosing person (step S12: “YES”), the process proceeds to step S13. When an operation for associating the disclosed data with the restriction setting data is not accepted from the disclosing person (step S12: “NO”), the process loops.

  In step 13, the execution program generation means 12 generates an execution program. The execution program is an execution program that reads the corresponding restriction setting data and executes restriction when a predetermined operation is performed on the disclosed data. As shown in FIG. 8, the execution program is composed of disclosed data, restriction setting data, and a basic program. This restriction setting data is setting data associated with the disclosure data by the disclosing person. The basic program is a program that is executed when the user makes an operation request for the disclosed data at the user terminal 20. The basic program is a program that appropriately determines whether or not to execute the restriction by referring to the restriction setting data (may be a program having an extension such as EXE). When it is not necessary to limit the control, the disclosure data is appropriately controlled so that the user can operate it.

  Steps S12 and S13 will be described with reference to FIG. FIG. 7 is a screen image diagram of the disclosing person terminal 10. The accounting department setting 15, the executive management setting 16, and the general setting 17 are icons, and the disclosure data that is dropped on (releasing the drag) on the icon and the restriction setting data corresponding to the icon are associated with each other. . For example, the disclosing person drags the trade secret data 18 which is the disclosed data, and drops it on any of the icons of the accounting department setting 15, the executive management setting 16, and the general setting 17. When drop-on is performed on the icon of the accounting department setting 15, there is an execution program that is restricted by preset restriction items and restriction targets (only accounting department, tax accountant user terminal 20 can view and edit). Generated.

  Note that when the execution program is generated, the icon of the execution program may be generated as if it is a file of disclosure data. For example, as shown in FIG. 9, it may be an execution program or an icon that is a file of disclosed data. Thus, since the user is not explicitly shown as an execution program, the user can operate the execution program as if handling the disclosed data.

[Restricted execution processing]
Based on FIG. 4, the restriction | limiting execution process which the user terminal 20 performs is demonstrated. The restriction setting data reading means 21 of the user terminal 20 determines whether or not the user has requested an operation for the disclosed data at the user terminal 20 (step S20). If it is determined that the operation has been performed by the user (step S20: “YES”), the process proceeds to step S21. If it is not determined that the operation has been performed by the user (step S20: “NO”), the process loops.

  This specific operation request may be an operation request for launching an application that enables browsing and editing of the disclosed data, or an image output cable for displaying the disclosed data on another display or projector. It may be a connection operation request, a display request button operation request, or a print application activation operation request for printing disclosed data. It may be a command operation request or the like for copying disclosed data (including screen capture).

  Next, in step S21, the restriction setting data reading means 21 executes the execution program and reads restriction setting data corresponding to the disclosed data. The user operation restriction means 22 restricts the user's operation on the disclosed data in accordance with the restriction item and restriction target of the read restriction setting data. That is, the user operation restriction unit 22 determines whether or not the user terminal 20 that has made an operation request is a terminal to be restricted (step S22), and the user terminal 20 that has made the operation request makes a restriction. If the terminal is the target terminal (step S22: “YES”), the process proceeds to step S23, and the user operation restriction unit 22 executes the restriction item (step S23). On the other hand, if the user terminal 20 that has made the operation request is not a terminal to be restricted (step S22: “NO”), the process ends.

  Here, executing the restriction item in step S23 means that the operation accepted by the user terminal 20 cannot be executed, or a warning message indicating that this operation is restricted as shown in FIG. May be displayed.

  If the restriction item is an item that can be browsed only for a predetermined number of times of browsing or that can be printed only for a predetermined number of times of printing, the execution of the restriction item counts and stores the number of browsing times and the number of times of printing. Depending on whether or not the predetermined number of times of browsing or printing has been exceeded, restrictions are made so that browsing is not possible and printing is not possible.

  Note that when the restriction item is an item whose disclosure data is deleted for a predetermined time and for a predetermined condition, the execution of the restriction item means that the predetermined time has been reached or a predetermined condition (for example, a predetermined value from the disclosing person). It is determined at the time of step S23 whether or not the reception of e-mail is satisfied, and the disclosed data is deleted based on the determination result.

  Note that the restriction item is a restriction item in which the disclosure data is deleted under a predetermined condition, and the disclosure data or the disclosure data or data from one disclosure terminal 10 or user terminal 20 to another disclosure terminal 10 or user terminal 20 When the execution program is copied, the disclosure data or the execution program may be deleted from the one disclosure terminal 10 or the user terminal 20 that is the original storage destination (image of the MOVE command). In this case, in step S20, the restriction item is executed by accepting that the request is for a disclosure data copy operation request between terminals and deleting the disclosure data of the original storage destination.

[Restricted execution processing: SaaS type]
Next, based on FIG. 11 and FIG. 12, the Example which performs a restriction | limiting execution process by a SaaS (SoftwareAsAService) type | mold is described.

  With reference to FIG. 11, functional configurations of the disclosing person terminal 10, the user terminal 20, and the restriction server 300 will be described. The basic hardware configuration of the disclosing person terminal 10 and the user terminal 20 is the same as in the previous embodiment.

  Discloser terminal 10 includes restriction setting data storage means 11 (not shown in FIG. 11), disclosure data creation means 13, restriction setting data input means 14, and correspondence receiving means 19, and includes the control unit described above. These means are realized in cooperation with the storage unit, the communication unit, the display unit, and the input unit. The function of each means will be described later.

  The user terminal 20 includes a restriction setting data request unit 25 and a user operation restriction unit 22, and these means are realized by the cooperation of the above-described control unit, storage unit, communication unit, display unit, and input unit. Is done. The function of each means will be described later.

  The restriction server 300 includes a central processing unit (CPU), a random access memory (RAM), a read only memory (ROM), and the like as a control unit, a wired / wireless compatible communication device as a communication unit, and a storage unit as a storage unit. One or both of HDD (Hard Disk Drive) and SSD (Solid State Drive) are provided. Furthermore, a display unit such as a liquid crystal monitor that displays an image, and an input unit such as a mouse, a touch panel, or a keyboard that accepts input from the user may be provided.

  The restriction server 300 includes a restriction setting data storage unit 301, an execution program generation unit 302, a restriction setting data reading unit 303, and a log storage unit 304. The above-described control unit, storage unit, communication unit, display unit, These means are realized in cooperation with the input unit. The function of each means will be described later.

  In the present embodiment as well, the same process as the execution program generation process described with reference to FIG. First, the disclosure data creation means 13 creates disclosure data based on an operation input from the disclosure person, and stores the created disclosure data (step S10).

  Next, the restriction setting data input means 14 sets restriction items for countermeasures against information leakage of the disclosed data and the restriction target user terminal 20 in accordance with the input from the disclosing person, so that the restriction setting data is obtained. The limit setting data is generated, transmitted to the limit server 300, and stored in the limit setting data storage unit 11 (not shown in FIG. 11) (step S11).

  Next, the correspondence receiving unit 19 of the disclosing person terminal 10 receives an operation for associating the disclosing data with the restriction setting data from the disclosing person (step S12). When an operation for associating the disclosed data with the restriction setting data is received from the disclosing person (step S12: “YES”), the process proceeds to step S13. When an operation for associating the disclosed data with the restriction setting data is not accepted from the disclosing person (step S12: “NO”), the process loops.

  In the present embodiment, the processing in step S13 is executed by the restriction server 300, unlike the previous embodiment. Correspondence receiving means 19, when receiving an operation for association from the disclosing person, transmits the corresponding disclosure data and restriction setting data to restriction server 300, and is configured from this disclosure data and restriction setting data. Requests generation of an executable program to be executed. Then, the execution program generation unit 302 of the restriction server 300 generates a corresponding execution program. The configuration of the execution program in this embodiment is the same as the configuration of the execution program described in FIG. In other words, the execution program includes a basic program, disclosure data, and restriction setting data. However, the second execution program consisting only of the basic program and the disclosed data is transmitted to the disclosing person terminal 10. Discloser terminal 10 receives and stores the second execution program composed of the basic program and the disclosed data. On the other hand, the restriction setting data storage unit 301 of the restriction server 300 stores restriction setting data corresponding to the second execution program.

  As described above, the icon of the second execution program may be generated as if it is a file of disclosure data.

  Even in this embodiment, the execution program may be generated by the disclosing person terminal 10. In this case, only the restriction setting data in the execution program is transmitted to the restriction server 300, and the received restriction setting data is stored in the restriction setting data storage unit 301 of the restriction server 300. On the other hand, the disclosing person terminal 10 stores the second execution program from which only the restriction setting data is removed.

  Next, a restriction execution process (SaaS type) executed by the user terminal 20 and the restriction server 300 will be described with reference to FIG. The restriction setting data request means 25 of the user terminal 20 determines whether or not the user has requested an operation for the disclosed data at the user terminal 20 (step S30). If it is determined that the operation has been performed by the user (step S30: “YES”), the process proceeds to step S31. If it is not determined that the operation has been performed by the user (step S30: “NO”), the process loops.

  Next, in step S31, the restriction setting data reading unit 21 executes the second execution program and requests the restriction server 300 to read the restriction setting data corresponding to the disclosed data. In response to this request, the restriction setting data reading unit 303 of the restriction server 300 reads restriction setting data corresponding to the disclosed data (step S32). The restriction setting data reading unit 303 determines whether or not the user terminal 20 is a restriction target terminal (step S33).

  When the user terminal 20 is not a restriction target terminal (step S33: “NO”), the restriction setting data reading unit 303 causes the user terminal 20 to execute an operation request with no restriction (step S34). The process ends.

  When the user terminal 20 is a terminal subject to restriction (step S33: “YES”), the restriction setting data reading unit 303 reads the corresponding restriction item (step S35) and logs the restriction server 300. Store in the log storage means 304 (step S36).

  The log is history data indicating that there is an operation request when there is an operation request from the user for the disclosed data. The log in this case is stored when the user terminal 20 is a restriction target and an operation request corresponding to the restriction item is made. This log is stored for each operation request such as a browse request and an edit request, and for each user terminal 20, so that an administrator of information leakage countermeasures can view statistical data that summarizes this log from the administrator terminal. Thus, it is possible to confirm what kind of information leakage is attempted for each user.

  The storage of the log is not limited to the restriction target terminal and the operation request corresponding to the restriction item as in step S36, and the log storage unit 304 is read when the restriction server 300 reads the log. In addition, a log may be stored.

  Next, after storing the log, the restriction server 300 instructs the user terminal 20 to execute the restriction item. In response to this, the user operation restriction unit 22 executes the restriction items as described above (step S37).

  Executing the restriction item may be to make the operation accepted by the user terminal 20 unexecutable or to display a warning message indicating that this operation is restricted as shown in FIG. . At this time, information stored in the log may be displayed together with a warning message.

  The disclosing person updates new restriction items and restriction objects from the disclosing person terminal 10 to the restriction server 300 at an arbitrary timing after distributing the disclosed data (after transmitting to the user terminal 20). You may comprise so that it can do. That is, the restriction item and restriction target of the restriction setting data table stored in the restriction server 300 from the disclosing person's terminal 10 are changed and stored. As described above, in the SaaS type embodiment, the user terminal 20 checks the restriction setting table of the restriction server 300 each time disclosure data is operated. Even at the timing, a new restriction item or restriction object can be updated, which is useful.

  In the restriction execution process described above, the confirmation process for the operation request is first performed, and then the confirmation process for determining whether the terminal is a restriction target terminal is performed. However, these processes may be reversed. That is, a confirmation process of whether or not the terminal is a restriction target may be executed, and then an operation request confirmation process may be performed.

  The means and functions described above are realized by a computer (including a CPU, an information processing apparatus, and various terminals) reading and executing a predetermined program. The application program is provided in a form recorded on a computer-readable recording medium such as a flexible disk, CD (CD-ROM, etc.), DVD (DVD-ROM, DVD-RAM, etc.), for example. In this case, the computer reads the application program from the recording medium, transfers it to the internal storage device or the external storage device, stores it, and executes it. The program may be recorded in advance in a storage device (recording medium) such as a magnetic disk, an optical disk, or a magneto-optical disk, and provided from the storage device to a computer via a communication line.

  As mentioned above, although embodiment of this invention was described, this invention is not limited to these embodiment mentioned above. The effects described in the embodiments of the present invention are only the most preferable effects resulting from the present invention, and the effects of the present invention are limited to those described in the embodiments of the present invention. is not.

10 Discloser terminal 20 User terminal 300 Restricted server

Claims (10)

An information leakage countermeasure method to be executed by a computer,
A step for storing restriction setting data in which restriction items for disclosure data and restriction targets to be the target of the restriction items are associated in advance;
Associating the restriction setting data with the disclosed data so as to be readable, and generating an execution program;
Executing the execution program in response to an operation from the user with respect to the disclosed data, and reading the restriction setting data;
Restricting the user's operation on the disclosed data based on restriction items and restriction targets of the restriction setting data;
An information leakage countermeasure method for disclosed data comprising:   The restriction target is a terminal specified by any one of an IP address, a MAC address, and a terminal serial ID, and in the restricting step, a restriction item for the disclosed data in the specified terminal is executed. Item 1. The information leakage countermeasure method according to Item 1.   The restriction item is at least one restriction item selected from a group consisting of a restriction item for viewing, printing restriction, copy restriction, editing restriction, large screen display restriction, and restriction item for deleting the disclosed data under a predetermined condition. Or the information leakage countermeasure method described in 2.   The information leakage countermeasure method according to claim 3, wherein the restriction item in which the disclosed data is deleted under a predetermined condition is that when the disclosed data or the execution program is copied from one computer to another computer, An information leakage countermeasure method, which is a restriction item for deleting the disclosed data or the execution program from the one computer that is the original storage destination.   According to the user's operation on the disclosed data in the step of reading the restriction setting data, a predetermined request for a browsing request, a print request, a copy request, an edit request, and a large screen display request for the disclosed data is received from the user. The information leakage countermeasure method according to claim 1, wherein the information leakage countermeasure method is to accept an operation.   The information leakage countermeasure method according to claim 1, further comprising a step of storing, as a log, that there is an operation when there is an operation from the user with respect to the disclosed data.   7. The information leakage countermeasure method according to claim 6, wherein only when there is an operation from the user for the disclosed data and when the restriction item is to be executed on a terminal corresponding to the restriction target. The information leakage countermeasure method according to claim 1, further comprising a step of storing the operation as a log. Restriction setting data storage means for storing restriction items for disclosure data and restriction setting data in which restriction objects to be the target of the restriction items are associated in advance;
An execution program generation means for generating an execution program in association with the disclosed data so that the restriction setting data can be read;
Limit setting data reading means for executing the execution program and reading the limit setting data in response to an operation from the user with respect to the disclosed data;
User operation restriction means for restricting the user's operation on the disclosed data based on restriction items and restriction objects of the restriction setting data;
A computer device comprising: On the computer,
A step of storing restriction setting data in which restriction items for disclosure data and restriction targets to be the target of the restriction items are associated in advance;
Associating the restriction setting data with the disclosed data so as to be readable, and generating an execution program;
Executing the execution program in response to an operation from the user with respect to the disclosed data, and reading the restriction setting data;
Restricting the user's operation on the disclosed data based on restriction items and restriction objects of the restriction setting data;
A program for running A computer system in which one or more computers are communicatively connected to each other;
Restriction setting data storage means for storing restriction items for disclosure data and restriction setting data in which restriction objects to be the target of the restriction items are associated in advance;
An execution program generation means for generating an execution program in association with the disclosed data so that the restriction setting data can be read;
Limit setting data reading means for executing the execution program and reading the limit setting data in response to an operation from the user with respect to the disclosed data;
User operation restriction means for restricting the user's operation on the disclosed data based on restriction items and restriction objects of the restriction setting data;
A computer system comprising any one of the one or more computers.

Images