JP2004164604A - Electronic file management device, program, and file access control method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an electronic file management device, a program, and a file access control method for managing an electronic file such as a technical document requiring security and controlling access to the electronic file according to an access right. <P>SOLUTION: This electronic file management device is provided with an electronic file storage area for storing the electronic file, an electronic file management means storing the electronic file in the electronic file storage area after adding access right information to the electronic file, and a protected electronic file output means outputting a protected electronic file, which is protected by encrypting the electronic file in compliance with an access request for the electronic file. <P>COPYRIGHT: (C)2004,JPO

Description

  The present invention relates to an electronic file management apparatus, a program, and a file access control method for managing an electronic file such as a technical document requiring security and controlling access to the electronic file according to an access right.

  Conventionally, in an electronic file management device that manages electronic files, a password is registered in advance for an electronic file to be stored, and when an access request is received from a user, only when the user enters the registered password, An electronic file corresponding to the password is output to a display device or an external storage device.

In addition, the “document management system” of the present application (for example, Patent Document 1) creates and registers an electronic document, and when approved, converts and prints the document. A possible PDF and a non-printable PDF are created, and files that can be browsed are restricted according to the use authority.
JP 2001-142874 A

  However, in the conventional electronic file management device, when a user who has been granted access right obtains an electronic file and then passes the obtained electronic file to a user who has not been granted access right, the user who is not granted access right However, there is a problem that the electronic file can be accessed.

  Further, the above-described document management system of Patent Document 1 is suitable for disabling printing while permitting only a user who is not authorized to use a digitized document to view the document. After a user who is authorized to use reads out a printable PDF and passes the printable PDF to another user, even a user who does not have access authority to the printable PDF can copy the PDF. I was able to print.

  The present invention has been made in view of such circumstances, and an electronic file capable of appropriately managing an original document and a protected document to which access is restricted according to a user's authority according to the access authority. An object of the present invention is to provide a management device, a method, a program, and a recording medium on which the program is recorded.

  In order to solve the above-mentioned problem, the present invention provides an electronic file storage area for storing an electronic file, and an access right information added to the electronic file for storage in the electronic file storage area. Electronic file management means, and protected electronic file output means for outputting a protected electronic file obtained by encrypting and protecting the electronic file in response to an access request to the electronic file.

  In such an electronic file management apparatus, an electronic file (document) is managed by adding access right information, and a protected electronic file (protected document) is output. Therefore, the security of the original electronic file can be improved.

  Further, according to the present invention, when the electronic file management means receives a storage request for the electronic file, the electronic file management means encrypts the protected electronic file protected by encrypting the electronic file. The electronic file and the protected electronic file may be acquired and stored in the electronic file storage area in association with each other.

  According to a third aspect of the present invention, when the electronic file management means receives a storage request for the electronic file, the electronic file management unit encrypts the protected electronic file by encrypting the electronic file. Instead of obtaining and storing the electronic file, the protected electronic file can be stored in the electronic file storage area.

  Further, according to the present invention, as set forth in claim 4, the protected electronic file output means, upon receiving an access request for the electronic file, encrypts the protected electronic file. And output the protected electronic file.

  Further, according to the present invention, as set forth in claim 5, the electronic file management means receives the electronic file and the protected electronic file at the time of the storage request of the electronic file, and receives the electronic file and the protected electronic file. The electronic file storage area can be configured to be stored in the electronic file storage area in association with a file.

  Further, according to the present invention, the protected electronic file is obtained by transmitting the electronic file and the access right information to an external means for encrypting the electronic file. Thus, the electronic file management means may be configured to have a protected electronic file acquisition means provided to the electronic file management means.

  The present invention may be configured such that the protected electronic file is encrypted based on the access right information.

  According to the present invention, when the protected electronic file output means receives an access request to the unprotected electronic file, the protected electronic file output means determines whether or not the user has an access right to the unprotected document. Is determined, and based on the determination result, the access is denied.

  Further, according to the present invention, an electronic file management procedure for adding access authority information to the electronic file and storing the electronic file in an electronic file storage area, and responding to an access request to the electronic file. And outputting a protected electronic file in which the electronic file is protected by encrypting the electronic file.

  Further, according to the present invention, in accordance with the present invention, in response to an access request, the electronic file is managed by encrypting the electronic file based on the access authority information to provide a protected electronic file. Acquiring the protected electronic file in response to a processing request for the electronic file, and controlling the processing for the decrypted protected electronic file in accordance with the access right information if the protected electronic file can be decrypted. Can be configured.

  The present invention manages electronic file identification information for identifying the electronic file, a key for decrypting the protected electronic file, and the access control information. Sometimes, user authentication information for authenticating the user who made the processing request, the electronic file identification information, and the processing type are obtained, and if the user authentication is successful, permission for the processing based on the access authority information or Based on the result of the determination, obtain the processing requirements specified at the time of permitting the processing and the key, decrypt the protected electronic file with the key, and perform the processing in accordance with the processing requirements. Can be controlled.

  According to the present invention, an access-restricted electronic file is generated so that only a user authorized by the access right information can decrypt the access-restricted electronic file. By managing based on the information, it is possible to prevent a user who is not permitted to access in the access right information even if the user obtains the access-restricted electronic file, and manage the access right. Can be automatically performed only by an administrator (access authority setting person) creating access authority information.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  First, an outline common to each embodiment in an electronic file management device as an embodiment of the present invention will be described.

  An electronic file management device as an embodiment of the present invention includes a computer device main body, an input device for inputting by a user, and a display device for displaying various information to the user.

  The input device is, for example, a keyboard or a mouse, and the display device is, for example, a display.

  The computer device itself manages an original document (Document; an original electronic file) and a protected document (Protected Document; an access-restricted electronic file), and performs the above operation according to the access authority granted to the user who operates from the input device. Output to the display device.

  The output destination from the computer device main body is not limited to the above-described display device. For example, by connecting a printer to the computer device main body, printing (output) can be performed from the printer. If the access request from the user is to save the information on an information recording medium such as a removable disk such as an FD (floppy (registered trademark) disk), the information may be saved on the information recording medium.

  Next, an electronic file management apparatus 501 according to a first embodiment of the present invention will be described with reference to FIG. FIG. 1 is a diagram showing an electronic file management device according to the first embodiment of the present invention.

  In FIG. 1A, a document 11 (original document; original electronic file) and an ACL (Access Control List; access authority information) 12 are used in a first embodiment using a document management program (Document Management Program) 21. Is a model in which the protected document 13 is created and the protected document 13 is basically accessed only when is stored.

  The electronic file management apparatus 501 controlled by the computer apparatus body in the first embodiment includes a document management program (management unit) 21 that receives and manages a document 11 and an ACL 12 from an administrator, and includes the document 11 and the ACL 12 A document protection program (document protection program; access restriction unit) 511 for generating the protected document 13 with access restriction, and a document management database (document management database; storage unit) 23 for storing electronic files (various documents), the ACL 12, and the like. And these are provided in a storage device (not shown) such as an HDD.

  The ACL 12 is an access right to the document 11 set by the administrator, and includes information for restricting access to the document 11 by a user who accesses the document.

  The electronic file management device 501 according to the first embodiment is physically configured to include the above-described storage device that stores various programs and data, and a main control device such as a CPU. The electronic file management device 501 functions as the above-described management unit, access restriction unit, and storage unit when the control device performs processing according to a program stored in the storage device.

  In other words, the electronic file management device 501 functions as the above-described management unit when the main control device performs processing by the document management program 21 stored in the above-mentioned storage unit, and the document protection program stored in the above-mentioned storage device When the main control device performs the process according to 511, it functions as the above-described access restriction device.

  FIG. 2 shows a configuration example of the ACL 12. In the example shown in FIG. 2, the ACL 12 is configured with a user name (User name), an access type (Access type), permission information (Permission), and a processing requirement (Requirement) as parameters.

  That is, the access right granted to the user is associated with the user name (User name) of the user granted some access right for each operation command (Access type) from the user. Also, permission (Allowed) and rejection (Denied) are defined for each operation command by the user.

  In the examples shown in FIGS. 1A, 1B, and 2, the ACL 12 includes a processing requirement (Requirement) term, but if there is only general access control, the ACL 12 There may be no processing requirement (Requirement) section.

  The ACL 12 is created by the creator of the document 11 or an administrator of the electronic file management apparatus 501 (a user having administrator authority), and given to the document 11. The electronic file management device 501 performs the above-described various outputs based on the ACL 12 in response to each operation command from the user using the input device by the document management program 21.

  Next, the operation of the electronic file management device 501 according to the first embodiment when storing an electronic file will be described with reference to FIGS. 1 (A), 3, 4, and 5. FIG.

  When the document management program 21 receives and saves the document 11 and the ACL 12, the document management program 21 passes the received document 11 and ACL 12 to the document protection program 511 and receives the protected document 13.

  That is, the document protection program 511 generates the protected document 13 from the document 11 so that the same restriction as the access right set in the received ACL 12 is applied to the document 11.

  FIG. 3 shows a configuration example of a document protection / printing system for generating (encrypting) and decrypting the protected document 13 by the document protection program 511. In the following description, it is assumed that the use (decryption) of the protected document 13 is to print on recording paper by the printer 503.

  The document protection / printing system 5001 shown in FIG. 3 includes an electronic file management device 501, a printing terminal 502, a printer 503, and an access control server 504.

  As the electronic file management device 501 and the printing terminal 502, a computer terminal provided with a display device (for example, LCD), an input device (for example, keyboard), an external recording device (for example, FDD, HDD) and the like can be applied. Note that a document protection program 511 is mounted on the electronic file management device 501, and a document printing program 521 is mounted on the printing terminal 502.

  The document protection program 511 sets printing requirements for a document file according to a user's input operation as an administrator of the electronic file management apparatus 501, and uses a document file using an encryption algorithm (RC4, Triple DES, IDEA, etc.). Is a program that performs a process of encrypting a document and generating a protected document.

  Examples of printing requirements set by the document protection program 111 in the document file in response to an input operation by the administrator include background dot pattern (BDP) and confidential printing (Private Access: PAC). ), Addition of a digital watermark (DWM), addition of a barcode (Embedding Barcode: EBC), security label stamp (SLS), and the like.

  The document print program 521 is a program that decrypts the protected document 13 in accordance with a user's input operation and performs a process of causing the printer 503 to execute a print process according to the set print requirements.

  When a user attempts to print a document, the access control server 504 refers to the ACL 12 in response to a request from the document print program 521, determines whether the user has the authority to print the document, and sets the print requirements. Is the server that gets what it is.

  In the access control server 504, a user database 541 in which information for authentication of each user (a set of a user name and a password) is stored, and an ACL 12 including printing requirements set for each user are registered. An ACL database 542 is connected.

  In the above-described document protection / printing system 5001, the document protection program 511 that has acquired the document 11 and the ACL 12 generates a unique document ID (Document ID) for each document file when generating the protected document 13. An encryption key (Key) used for decryption and the ACL 12 are transmitted to the access control server 504 in association with the key and registered.

  As shown in FIG. 5, the document protection program 511 encrypts the document 11 using an encryption key, adds a document ID to the encrypted document file (encrypted document), and adds the document ID to the protected document 13. Generate

  When the protected document 13 is generated in this way, the document management program 21 stores the received protected document 13 in the document management DB 23 together with (associated with) the document 11 and the ACL 12. In this manner, the electronic file management device 501 manages the pair of the document 11 and the protected document 13 (this is called a document pair (Document Pair)) by adding the ACL 12 (associated).

  Next, an operation when the electronic file management apparatus 501 according to the first embodiment receives an access request from a user to a managed document pair will be described with reference to FIGS. Will be explained.

  When receiving an access request for a document pair from a user, the document management program 21 authenticates the user. In this authentication, the document management program 21 returns the protected document 13 by referring to the ACL 12 assigned to the document pair and determining that the accessing user has reference authority, that is, has read authority. That is, output is performed from the electronic file management device 501 to a display device or the like as described above.

  In the above authentication, when the document management program 21 determines that the accessing user does not have the reference authority, that is, the read authority is not granted, the document management program 21 displays that fact on the display device.

  The decryption of the output protected document 13 will be described with reference to the above-described example of the document protection / printing system 5001 shown in FIG.

  In the example of the document protection / printing system 5001 shown in FIG. 3, as an output from the above-described electronic file management device 501 to a user who wants to print or refer to a document file, the administrator passes the document file on an information recording medium such as an FD. Are performed, and transmission to the printing terminal 502 via the communication network is illustrated.

  When the user wants to print the document 11, the protected document 13 is mounted on the printing terminal 502. For example, the protected document 13 output (recorded) from the electronic file management device 501 to the information recording medium as described above may be read by the printing terminal 502 using an external recording device, or the printing terminal 502 may When communication with the file management apparatus 501 is possible, the electronic document management apparatus 501 may output the protected document 13 to the printing terminal 502 via a communication network.

  When the user instructs the document printing program 521 to print via the input device of the printing terminal 502, the document printing program 521 requested to print prints the user name and password required to authenticate the user. Prompt the user for input. For example, the document printing program 521 requests input of a user name and a password by displaying a message on a display device of the printing terminal 502 or the like.

  The document print program 521 sends the user name and password input by the user to the access control server 504, and requests user authentication.

  The access control server 504 performs user authentication using the user name and password passed from the document print program 521, and specifies the user.

  When the user is specified, the access control server 504 refers to the ACL database 542 to determine whether or not the user has the authority to print the document file, and what printing requirements the user has when printing the document file. Acquires information on access authority restrictions such as whether or not it has been set.

  If the user has the authority to print the document file (protected document 13), the access control server 504 prints the encryption key for decrypting the protected document 13 and the user, together with authentication information indicating that, and the user. The printing requirements are notified to the document printing program 521 via the printing terminal 502.

  The document print program 521 that has obtained the password and the printing requirements together with the authentication information from the access control server 504 decrypts the protected document 13 using the encryption key and restores the document 11.

  Then, the document print program 521 causes the printer 503 to execute print processing so as to satisfy the print requirements. For example, when BDP (printing pattern) is set as the printing requirement in the document file, the pattern is printed together with the contents of the document.

  As described above, when printing a document file, it is possible to enforce printing requirements set for each user by the administrator, that is, restrictions on access authority set for each user as the ACL 12.

  Next, a functional configuration realized by the document management program 21 according to the first embodiment will be described with reference to FIG. FIG. 4 is a diagram illustrating a functional configuration realized by the document management program according to the first embodiment. In the figure, clients c1 and c2 may be the same client.

  4, at least a document storage request reception unit 21a, a document storage unit 21b protected document acquisition unit 21c, a document reference request reception unit 21d, and a document acquisition unit 21e are configured as functions by the document management program 21. .

  When receiving the document 11 and the ACL 12 together with the document storage request from the client c1 requesting storage of the document 11, the document storage request receiving unit 21a passes the received document 11 and ACL 12 to the document storage unit 21b.

  The document storage unit 21b stores the received document 11 in the document management DB 23, and sets the received ACL 12 as the ACL 12 of the stored document 11. The document storage unit 21b returns the identifier (document ID) of the stored document 11.

  When receiving the document ID from the document storage unit 21b, the document storage request receiving unit 21a passes the document 11, the ACL 12, and the document ID to the protected document acquisition unit 21c. The protected document acquisition unit 21c passes the document 11 and the ACL 12 to the document protection program 511 to acquire the protected document 13, and passes the document ID and the protected document 13 to the document storage unit 21b.

  The document storage unit 21b stores the protected document 13 in the document management DB 23 in association with the document 11 specified by the document ID.

  The document storage request receiving unit 21a returns the document ID to the client c1 that has made the document storage request. The return timing may be immediately after storing the document 11 or after confirming that the protected document 13 has been stored.

  Further, when receiving the document ID together with the document reference request from the client c2 requesting reference to the document 11, the document reference request receiving unit 21d passes the received document ID to the document acquisition unit 21e.

  The document acquisition unit 21e checks the ACL 12 of the corresponding document 11 from the document management DB 23 based on the received document ID, and if the request is from a user having reference authority, the protected document stored together with the document 11 13 is obtained from the document management DB 23 and returned to the document reference request receiving unit 21d.

  The document reference request receiving unit 21d returns the received protected document 13 to the client c2 that has made the document reference request. If the user using the client c2 who has made the document reference request does not have the reference authority, an error is returned. On the other hand, if the user has special authority to refer to the original, the original document 11 may be returned instead of returning the protected document 13.

  Next, the operations of the document protection program 511 and the access control server 504 when generating the protected document 13 from the document 11, and the document printing program 521 and the access control server 504 when restoring the protected document 13 into the document 11 and printing the same. The operation of will be described in more detail.

  The operation when the document protection program 511 generates the protected document 13 will be described with reference to the drawings. FIG. 5 shows the operation of the document protection program.

  In FIG. 5, when the document protection program 511 obtains the document file and the ACL 12 by the input operation of the administrator at the input device of the electronic file management device 501, it generates an encryption key for encrypting / decrypting the document file. . Then, the document protection program 511 encrypts the document file using the generated encryption key to generate an encrypted document.

  Further, the document protection program 511 generates a protected document 13 by attaching a unique document ID for each document file to the encrypted document.

  After generating the protected document 13, the document protection program 511 transmits the encryption key, the ACL 12, and the document ID to the access control server 504 by using the communication function of the electronic file management device 501, and registers these registrations on the access control server 504. Request to.

  The access control server 504, which has received the encryption key, the ACL 12, and the document ID from the document protection program 511, records and holds them as one record in the ACL database 542, as shown in FIG. FIG. 6 is a diagram showing an example of the structure of information recorded in the ACL database. 6, the ACL database 542 manages an encryption key (Key) and the ACL 12 for each document ID (Document ID).

  In the above example, the case where the document protection program 511 generates the document ID and the encryption key is described. However, these processes are performed separately by the access control server 504, the generation of the document ID, and the generation of the encryption key. Server (not shown).

  If the electronic file management device 501 and the access control server 504 are connected not via a dedicated line but via a network, and there is a risk of eavesdropping when transmitting an encryption key or the like, an SSL (Secure) Communication may be performed using Socket Layer).

  Any protocol may be used when the document protection program 511 communicates with the access control server 503. For example, a distributed object environment may be introduced, and information may be transmitted and received based on Java (registered trademark) RMI (Remote Method Invocation) or SOAP (Simple Object Access Protocol). In that case, the access control server 504 may implement a method such as register (String docId, byte [] key, byte [] acl). If the SOAP is used, the SOAP protocol is exchanged over HTTPS, and if the RMI is used, the RMI is executed using an SSL-based SocketFactory, thereby ensuring security on the network.

  Next, an operation when the document print program 521 prints the protected document 13 will be described with reference to FIG.

  FIG. 7 is a diagram showing a flow of operation of the document print program and the access control server.

  7, when the document print program 521 obtains the protected document 13, the user name, and the password by the user's input operation on the input device of the printing terminal 502, obtains the document ID attached to the protected document 13 ( Step S511).

  Then, the access control server 504 transmits the user name, the password, the document ID, and the access type (information indicating the processing requested by the user. In this case, the print is performed because the protected document 13 is to be printed). Then, it is requested to check whether or not the user has the access right (step S512).

  FIG. 8 is a diagram showing an example of a SOAP inquiry to the access control, and inquires whether access is permitted by passing a user name (userId), a document ID (docId), and an access type (accessType). In this example, a SOAP message (isAllowed) is transmitted, and the result (isAllowedResponse) is received. The results include what is allowed (allowed is true) and the requirements (requirements).

  When acquiring the user name, password, document ID, and access type from the document print program 521, the access control server 504 refers to the information registered in the user database 541 (step S513) and performs user authentication (step S514). ).

  In other words, the access control server 504 refers to the information registered in the user database 541, and combines the user name and password included in the information acquired from the document print program 521 into the user database 541. It is determined whether or not it is registered as.

  If the user authentication fails (in other words, if a set of a user name and a password included in the information passed from the document printing program 521 is not registered in the user database 541), the access control server 504 Then, the permission information (information indicating whether or not the processing requested by the user is permitted) is transmitted to the printing terminal 502 as "non-permission", and is passed to the document printing program 521 (step S515). In this case, the permission information indicating “error” may be transferred to the document printing program 521 (step S516).

  On the other hand, if the user authentication is successful, the access control server 504 reads a record related to the document ID included in the information acquired from the document printing program 521 from among the records stored in the ACL database 542 (step S517).

  The access control server 504 acquires the ACL 12 included in the read record, and acquires the permission information and the printing requirement from the ACL 12 based on the user name and the access type acquired from the document print program 521 (Step S518).

  In other words, the access control server 504 acquires the permission information and the printing requirements set in the ACL 12 in advance based on the user name and the access type (step S519).

  It is determined whether or not the permission information obtained from the ACL 12 indicates "permission" (step S520). When the permission information acquired from the ACL 12 is “permitted”, the access control server 504 transmits the encryption key and the printing requirement stored in the record to the printing terminal 502 together with the permission information and receives the document printing program 521. Handover (step S521).

  On the other hand, when the permission information acquired from the ACL 12 is “not permitted”, the access control server 504 transmits only the permission information to the printing terminal 502 and passes it to the document printing program 521.

  The document print program 521 that has received the permission information from the access control server 504 refers to the obtained permission information, and if the permission information is “not permitted”, displays a message on the display device of the printing terminal 502 or the like. Then, the user is notified that the requested processing cannot be executed (step S522).

  On the other hand, if the acquired permission information is “permission”, the encrypted document portion of the protected document is decrypted and restored to the document file using the encryption key passed along with the permission information (step S523).

  Further, the document print program 521 sets a printer driver so as to satisfy the print requirement acquired together with the permission information (for example, sets a confidential print mode if PAC is specified), and causes the printer 503 to print the document. Is executed.

  If necessary, a message may be displayed on the display device of the printing terminal 502 to request the user to set print parameters.

  If printing that satisfies the printing requirements acquired from the access control server 504 cannot be executed by the printer 503, in other words, if the printer 503 does not have a function that satisfies the printing requirements set in the ACL 12, this is indicated. The user is notified, for example, by displaying a message on the display device, and the process ends without performing printing.

  Through the above operations, it is possible to set different access rights and printing requirements for each user. Further, as described above, in the system configuration in which the access control server 504 determines the access authority to the document file, the contents of the ACL 12 registered in the ACL database 542 are input to the electronic file management device 501 and the access control server 504. The change may be made by an operation. In this case, it is possible to change the printing requirement after distributing the protected document 13.

  For example, it is possible to set the access right to the already distributed protected document 13 to a new user, or to add a printing requirement to a specific user.

  Anyone who knows that the document protection / printing system 5001 shown in FIG. 3 that uses the present embodiment protects a document file by the above-described method can use a program impersonating the document printing program 521 as a computer. It is also possible for the terminal to execute it to illegally obtain the encryption key and decrypt the protected document 13. In this case, the protected document 13 can be printed without being forced by the printing requirements set as the ACL 12.

  For this reason, the document file is not simply encrypted using only the encryption key, but a combination of the secret key and the encryption key embedded in the document protection program 511 (exclusive OR). It is preferable to encrypt the document file with.

  In this case, by embedding the same secret key in the document printing program 521, only the document printing program 521 that enforces the printing requirements set by the administrator at the time of printing can decrypt and print the protected document 13. Becomes possible.

  Further, in the document protection / printing system 5001 described above with reference to FIG. 3, the document printing program 521 performs only processing related to printing of a document file, but the document printing program 521 sends the contents of the document file to the user. It may have a function of presenting and editing a document file. For example, this function can be realized as a plug-in of Adobe Acrobat (registered trademark).

  In the electronic file management device 501 according to the first embodiment, although not described in the example of the ACL 12 shown in FIG. 2 described above, for example, GetOriginal (access authority to the original electronic file) is used as the access type of the ACL 12. When the user authorized to access the GetOriginal accesses the document pair, the document management program 511 may return the document 11 instead of returning the protected document 13.

  That is, the electronic file management apparatus 501 performs user authentication based on the ACL 12 in which GetOriginal is defined, and if the accessing user is granted the access authority of GetOriginal, the electronic file management apparatus 501 transfers the document 11 from the electronic file management apparatus 501 as described above. May be output.

  Further, even if the ACL 12 does not define the access right to the document 11 as the original electronic file, only a special user (for example, only the saved user) may be allowed to access the document 11. That is, the document management program 511 may allow only a special user set in advance to access the document 11.

  According to the present embodiment, access control (restriction of access authority) to a document managed and stored by the document management program 511 and a document (portable document output from the electronic file management apparatus 501) passed to the user ) Can be unified with access control.

  Further, the administrator sets the access right restriction as the ACL 12, and operates the electronic file management device 501 with the input device so as to pass the document 11 and the ACL 12 to the document management program 511, thereby protecting according to the set access right. The electronic file management device 501 can manage the document 13 to be delivered to the user.

  In other words, the electronic file management device 501 can manage the output to the display device, the external recording device, and the like based on the access right restriction only by the administrator once setting the access right restriction as the ACL 12.

  Further, by defining the access authority to the original electronic file as described above, the electronic file management device 501 can manage the document 11 and the protected document 13 based on the above-described access authority restriction. That is, the electronic file management device 501 can manage the document 11 and / or the protected document 13 to be output according to the access authority set as the ACL 12.

  Another example of the electronic file management device 501 shown in FIGS. 1A and 1B will be described with reference to FIG. FIG. 9 is a diagram illustrating another example of the electronic file management device according to the first embodiment of the present invention. In the electronic file management device 501 shown in FIGS. 1A and 1B, only the original document 11-2 can be managed as shown in FIGS. 9A and 9B.

  9A, when the document management program 21 receives and saves only the document 11-2, the document management program 21 directly stores the received document 11-2 in the document management DB 23. In FIG. 9B, the document management program 21 outputs the document 11-2 to a display device or the like in response to an access request to the document 11-2, not to a document pair from a user. In this case, the user may be authenticated, but the determination of the read authority of the user by comparison with the ACL 12 is not performed.

  Next, an electronic file management device 505 according to a second embodiment of the present invention will be described with reference to FIG. FIG. 10 is a diagram illustrating an electronic file management device according to the second embodiment of the present invention.

  In the second embodiment, the document management program 21 stores the document 11 and the protected document 13 (document pair) in the document management DB 23 in association with the ACL 12 in the first embodiment. The document 13 is stored, and the document 11 is discarded.

  That is, if the document 11 is left as in the first embodiment, there is a possibility that a user who can access the document 11 distributes the unprotected document 11. In an environment where such a concern is a concern, the second embodiment allows the protected document 13 to be appropriately managed.

  The electronic file management device 505 of the second embodiment has the same physical configuration as that of the first embodiment, and as shown in FIG. 10, a document management program 51, a document protection program 22, The document management DB 23 is provided in a storage unit (not shown) such as an HDD.

  The same components as those in the above-described first embodiment are denoted by the same reference numerals, and description thereof is omitted.

  Also, the operation of the document protection program 22 for generating the protected document 13 from the document 11 and the system and operation for decrypting the protected document 13 output by access from the user and printing the same by the printer are shown in FIGS. 8 to FIG. 8.

  The operation of the electronic file management device 505 according to the second embodiment when storing an electronic file will be described with reference to FIG.

  When the document 11 and the ACL 12 are passed to the document management program 51 and the user operates to store the document 11 and the ACL 12 from the input device, the document management program 51 passes the received document 11 and the ACL 12 to the document protection program 511 to receive the protected document 13. That is, the document protection program 511 generates the protected document 13 as described above.

  Upon receiving the generated protected document 13, the document management program 51 stores the received protected document 13 in the document management DB 23, and discards the document 11 and the ACL 12.

  The operation when the electronic file management apparatus 505 according to the second embodiment receives an access request from a user to a managed document will be described with reference to FIG.

  When receiving the access request for the document, the document management program 51 returns the protected document 13 stored in the document management DB 23. That is, the electronic file management device 505 outputs the data to the display device or the like as described above.

  In the present embodiment, the document 11 is discarded, and after the protected document 13 is read out by the user, access control is performed according to the ACL 12. Therefore, there is no need to perform access control by the document management program 51.

  However, when the protected document 13 is obtained, there is a possibility that the contents may be accessed by decrypting the encryption. Therefore, in order to reduce the possibility as much as possible, as in the first embodiment described above, the document management program When the 51 stores the protected document 13 in the document management DB 23, the ACL 12 may be stored in association with the protected document 13 (managed by adding the ACL 12), and access control may be performed based on the ACL 12. That is, when the document 11 is discarded, the document management program 51 may store the ACL 12 in the document management DB 23 in association with the protected document 13 without discarding the ACL 12.

  By performing the access control in this manner, the access control (restriction of access authority) to the document managed and stored by the document management program 51 and the document passed to the user (output from the electronic file management device 505) are performed. (Portable document) access control can be unified.

  According to the present embodiment, by discarding the unencrypted document 11, the managed document can be more reliably protected.

  Another example of the electronic file management device 505 shown in FIGS. 10A and 10B will be described with reference to FIG. FIG. 11 is a diagram illustrating another example of the electronic file management device according to the second embodiment of the present invention. In the electronic file management device 505-2 shown in FIGS. 10A and 10B, only the original document 11-2 can be managed as shown in FIGS. 11A and 11B. .

  In FIG. 11A, when the document management program 51 receives and saves only the document 11-2, the document management program 51 directly stores the received document 11-2 in the document management DB 23. In FIG. 11B, the document management program 51 outputs the document 11-2 to a display device or the like not in response to a document pair from a user but in response to an access request for the document 11-2.

  Next, a functional configuration realized by the document management program 51 according to the second embodiment will be described with reference to FIG. FIG. 12 is a diagram illustrating a functional configuration realized by the document management program according to the second embodiment.

  12, unlike the document management program 21 shown in FIG. 4, this is an embodiment in which the original document 11 is not managed by the document management DB 13. The document management program 51 has at least a document storage request reception unit 51a, a document storage unit 51b, a protected document acquisition unit 51c, a document reference request reception unit 51d, and a document acquisition unit 51e as functions.

  The document storage request receiving unit 51a obtains the document ID by passing only the ACL 12 without passing the document 11 to the document storage unit 51b. In the document management program 51 shown in FIG. 12, an empty document area 13-2 in which only the ACL 12 is set is created in the document management DB 23, and the protected document 13 is stored in the empty document area 13-2 later. An example is shown.

  The protected document acquisition unit 51c, the document reference request reception unit 51d, and the document acquisition unit 51e perform the same operations as the protected document acquisition unit 21c, the document reference request reception unit 21d, and the document acquisition unit 21e shown in FIG. Therefore, the description is omitted.

  Of course, the document area 13-2 may be secured and stored after the protected document 13 is created, without creating the empty document area 13-2 first.

  In this example, since the document management program 51 is a program for managing only the protected document 13, it is realistic to run the same on the same computer as the document protection program 511.

  Next, an electronic file management device 61 according to a third embodiment of the present invention will be described with reference to FIG.

  In the third embodiment, the document management program causes the document protection program 511 to generate the protected document 13 in the first embodiment, and stores the document 11 and the protected document 13 (document pair) in the document management DB 23 in the ACL 12. The document 11 is stored as it is in association with the ACL 12 instead of being stored in association with the document, and the document protection program 511 generates the protected document 13 and outputs it as described above when an access request is received from the user. It is.

  That is, in the case of performing the management as in the first embodiment, more disk space is required for storing the protected document 13. Therefore, in the third embodiment, the protected document 13 is dynamically created when access to the document is requested by the user, thereby performing suitable management that does not use an extra disk area. Can be.

  FIG. 13 is a diagram illustrating an example of an electronic file management device according to the third embodiment. In FIG. 13, the electronic file management device 506 of the third embodiment has the same physical configuration as that of the first embodiment, and includes a document management program 61, a document protection program 511, and a document management DB 23. Are provided in a storage unit (not shown) such as an HDD. The same components as those in the above-described first embodiment are denoted by the same reference numerals, and description thereof is omitted.

The operation of the document protection program 511 to generate the protected document 13 from the document 11 and the system and operation when the protected document 13 output by access from the user is decrypted and printed by the printer 503 are also described in FIGS. 5 to 8 as described above with reference to FIG.

  The operation of the electronic file management device 506 according to the third embodiment when storing an electronic file will be described with reference to FIG.

  When the document 11 and the ACL 12 are passed to the document management program 61 and the user operates to store the document 11 from the input device, the document management program 61 adds the ACL 12 to the received document 11 and stores it in the document management DB 23.

  The operation of the electronic file management apparatus 506 according to the third embodiment when receiving an access request from a user for a managed document will be described with reference to FIG.

  Upon receiving an access request for a document, the document management program 61 performs user authentication, and checks whether or not the user has an access right based on the ACL 12 assigned to the document 11. If the user has the access right, the document management program 61 extracts the specified document 11 and ACL 12 from the document management DB 23, passes the document 11 to the document protection program 511, and generates and receives the protected document 13 as described above. The generated protected document 13 is returned to the caller of the document management program 61. That is, the electronic file is output from the electronic file management device 506 to a display device or the like as described above.

  Also in the third embodiment, for example, GetOriginal (access authority to the original electronic file) is defined as the Access type of the ACL 12 and the electronic file management device 506 performs user authentication in the same manner as in the first embodiment. , The document 11 may be returned (output in response to a request) instead of the protected document 13 to the user authorized to access the GetOriginal.

  Another example of the electronic file management device 506 shown in FIGS. 13A and 13B will be described with reference to FIG. FIG. 14 is a diagram illustrating another example of the electronic file management device according to the third embodiment of the present invention. In the electronic file management device 506-2 shown in FIGS. 14A and 14B, only the original document 11-2 may be managed.

  14A, when the document management program 61 receives and stores only the document 11-2, the document management program 61 directly stores the received document 11-2 in the document management DB 23. In FIG. 14B, the document management program 61 outputs the document 11-2 to a display device or the like in response to an access request to the document 11-2, not to a document pair from a user. In this case, the user may be authenticated, but the determination of the read authority of the user by comparison with the ACL 12 is not performed.

  Next, a functional configuration realized by the document management program 61 according to the third embodiment will be described with reference to FIG. FIG. 15 is a diagram illustrating a functional configuration realized by the document management program according to the third embodiment. In the figure, clients c1 and c2 may be the same client.

  In FIG. 15, the document management program 61 does not generate the protected document 13 in advance, but dynamically generates the protected document 13 when there is an access request from the user. The document management program 61 has at least a document storage request reception unit 61a, a document storage unit 61b, a protected document acquisition unit 61c, a document reference request reception unit 61d, and a document acquisition unit 61e.

  When receiving the document 13 and the ACL 12 together with the document storage request from the client c1 which has made the document storage request, the document storage request receiving unit 61a passes the document 11 and the ACL 13 to the document storage unit 61b.

  The document storage unit 61b stores the received document 11 in the document management DB 23, sets the received ACL 12 as the stored document 11, and returns a document ID for identifying the document 11.

  Then, the document storage request receiving unit 61a returns the document ID to the client c1 that has issued the document storage request.

  Upon receiving the document ID together with the document reference request from the client c1 that has made the document reference request, the document reference request receiving unit 61d passes the document ID to the document acquisition unit 61e.

  The document acquisition unit 61e refers to the ACL 12 attached to the document 11 corresponding to the received document ID, and checks whether the user requesting access has authority to refer. If the user has the authority, the document 11 corresponding to the document ID is acquired from the document management DB 23. The acquired document 11 and ACL 12 are passed to the protected document acquisition unit 61c.

  The protected document acquisition unit 61c passes the received document 11 and ACL 12 to the document protection program 511, acquires the protected document 13, and returns it to the protected document acquisition unit 61c.

  The protected document acquisition unit 61c passes the received protected document 13 to the document acquisition unit 61c. The document obtaining unit 61e passes the received protected document 13 to the document reference request receiving unit 61d.

  The document reference request receiving unit 61d returns the received protected document 13 to the client c2 that has made the document reference request.

  Since a user who does not have the authority to refer to can not access the protected document 13 after all, the user may obtain and pass the protected document 13 to anyone without confirming the authority. However, even though the document is encrypted, passing the protected document 13 gives a chance to decipher the code by force, so that a user without access right is not allowed to access the protected document as described above. It makes sense to do so.

  According to the present embodiment, access control (restriction of access authority) to a document managed and stored by the document management program 61 and transfer of a document (portable document) delivered to the user (output from the apparatus main body 6a). Access control can be unified.

  Further, since the disk area to be used can be reduced by the amount of the protected document 13, suitable management can be performed even when the disk capacity is relatively small.

  Next, an electronic file management device 507 according to a fourth embodiment of the present invention will be described with reference to FIG. FIG. 16 is a diagram illustrating an electronic file management device according to the fourth embodiment of the present invention.

  In the electronic file management device 507 according to the fourth embodiment, the document management program 71 causes the document protection program 511 to generate the protected document 13 in the first embodiment, and the document 11 and the protected document 13 ( While the document pair is stored in association with the ACL 12, the document protection program 511 generates and stores the protected document 13 in advance, and stores the document 11 and the protected document 13 (document pair) in the document management DB 23. The information is stored in association with the ACL 12.

  That is, it may be difficult for the electronic file management apparatus 507 to execute the document protection program 511 internally from the viewpoint of processing performance. Even in such a case, by storing the protected document 13 protected by the document protection program 511 in advance by the document management program 71, the document 11 and the protected document 13 can be appropriately managed. is there.

  The physical configuration of the electronic file management device 507 of the fourth embodiment is the same as that of the first embodiment described above. As shown in FIG. 16, a document management program 71, a document protection program 511, The document management DB 23 is provided in a storage unit (not shown) such as an HDD.

  The same components as those in the above-described first embodiment are denoted by the same reference numerals, and description thereof is omitted.

  Also, the operation of the document protection program 22 for generating the protected document 13 from the document 11 and the system and operation for decrypting the protected document 13 output by access from the user and printing the same by the printer are shown in FIGS. 8 to FIG. 8.

  The operation of the electronic file management apparatus 507 according to the fourth embodiment when storing an electronic file will be described with reference to FIG.

  First, the user passes the document 11 and the ACL 12 to the document protection program 511 to generate the protected document 13.

  When the document 11, the ACL 12, and the generated protected document 13 are passed to the document management program 71 and the user performs an operation of storing the document 11 from the input device, the document management program 71 receives the received document 11 and the protected document 13 (document pair). Is stored in the document management DB 23, and the received ACL 12 is assigned to manage the ACL.

  The operation of the electronic file management apparatus 507 according to the fourth embodiment when receiving an access request from a user to a managed document will be described with reference to FIG.

  Upon receiving an access request for a document pair, the document management program 71 performs user authentication and checks whether or not the user has an access right based on the ACL 12 assigned to the document pair. If the user has the access right, the protected document 13 stored in the document management DB 23 is returned. That is, the data is output from the electronic file management device 507 to a display device or the like as described above.

  Also in the fourth embodiment, for example, GetOriginal (access authority to the original electronic file) is defined as the Access type of the ACL 12 and the electronic file management device 7 performs user authentication in the same manner as in the first embodiment. , The document 11 may be returned (output in response to a request) instead of the protected document 13 to the user authorized to access the GetOriginal.

  In the fourth embodiment, the document protection program 511 may be implemented in another device instead of the electronic file management device 507. In this case, the protected document 13 is generated from the document 11 by the device in which the document protection program 511 is installed, and the document 11 and the protected document 13 are transmitted from the device that has generated the document to the electronic file management device 507 via a network or an information recording medium. And the ACL 12.

  Further, instead of passing both the document 11 and the protected document 13 when saving the document 11 in the document management program 71, the document 11 may be discarded by passing only the protected document 13. In this case, when an access request is received from the user, the operation is the same as in the above-described second embodiment.

  According to the present embodiment, access control (restriction of access authority) to a document managed and stored by the document management program 71 and a document (portable document output from the electronic file management device 507) passed to the user are output. ) Can be unified with access control.

  In addition, since the generation of the protected document 13 by the document protection program 511 can be performed so as not to be performed at the same time as other heavy processing in the electronic file management device 507, the processing capability of the electronic file management device 507 is relatively low. Can appropriately perform processing such as generation of the protected document 13.

  In addition, by generating the protected document 13 by the document protection program 511 by another device, it is possible to effectively distribute the load of the processing such as generation. As a result, even when the processing capabilities of the electronic file management device 507 and the other devices described above are relatively low, processing such as generation of the protected document 13 can be appropriately performed.

  Another example of the electronic file management device 507 shown in FIGS. 16A and 16B will be described with reference to FIG. FIG. 17 is a diagram showing another example of the electronic file management device according to the fourth embodiment of the present invention. In the electronic file management device 507-2 shown in FIGS. 17A and 17B, only the original document 11-2 can be managed.

  17A, when the document management program 71 receives and stores only the document 11-2, the document management program 71 directly stores the received document 11-2 in the document management DB 23. In FIG. 14B, the document management program 71 outputs the document 11-2 to a display device or the like in response to an access request to the document 11-2, not to a document pair from a user. In this case, the user may be authenticated, but the determination of the read authority of the user by comparison with the ACL 12 is not performed.

  Next, a functional configuration realized by the document management program 71 according to the fourth embodiment will be described with reference to FIG. FIG. 18 is a diagram illustrating a functional configuration realized by the document management program according to the fourth embodiment. In the figure, the clients c1-2 and c2 may be the same client.

  18, at least a document storage request receiving unit 71a, a document storing unit 71b, a document reference request receiving unit 71d, and a document obtaining unit 71e are configured as functions by a document management program 71.

  In the case where the protected document 13 is created and stored outside the document management program 71, the client c1-2 that issues a document storage request includes a document storage request unit 71f and a protected document acquisition unit 71g.

  The document storage request unit 71f passes the document 11 and the ACL 12 to the protected document acquisition unit 71g. The protected document acquisition unit 71g passes the received document 11 and ACL 12 to the document protection program 511 to acquire the protected document 13, and returns the protected document 13 to the document storage requesting unit 71f.

  The document storage requesting unit 71f passes the document 11, the protected document 13, and the ACL 12 together with the document storage request to the document management program 71 as the client c1-2 that makes the document storage request.

  When the document storage request receiving unit 71a of the document management program 71 receives the document 11, the protected document 13, and the ACL 12 together with the document storage request from the client c1-2 that has issued the document storage request, the document storage request is received by the document storage unit 71b. hand over.

  The document storage unit 71b stores the received document 11 and the protected document as a document pair in the document management DB 23, and adds the received ACL 12 to the document pair. The identifier of the document pair is returned to the document storage request receiving unit 71a as a document ID.

  The document storage request receiving unit 71a returns the document ID to the client c1-2 that has made the document storage request.

  The flow when the document management program 71 receives the document reference request from the client c2 that makes the document reference request is the same as that in FIG.

  Next, a case will be described in which the printer 502 connected to the printing terminal 503 outputs a confidential print in each of the above-described embodiments.

  First, a part of the security function of the printer applied in each of the above embodiments will be described with reference to FIG. FIG. 19 is a diagram illustrating an example of a security function provided in the printer.

  19, the operation of the document print program 521 when PAC is set as the print requirement will be described first. FIG. 20 shows the operation of the document print program 521 when the PAC is set.

  (1) When printing a document file in which PAC is set, the document print program 521 displays a print dialog 558 and then inputs a personal identification number (PIN) as shown in FIG. Is displayed on the display device of the printing terminal 503, and requests the user to input a PIN.

  (2) When the user inputs a PIN using the input device of the printing terminal 502, the document print program 521 sets this in the printer driver 503b and instructs printing.

  The printer driver 503b generates print data (PDL data) described in Postscript PDL (Page Description Language) from the document, and converts PJL (Print Job Language) data describing print job information such as the number of copies and an output tray into PDL data. At the beginning of. The printer driver 503b further adds a PIN as a part of the PJL data, and sends the PDL data with the PJL data to the print engine 503a.

  Upon receiving the PDL data with PJL data, the printer 503 refers to the contents of the PJL data. If the PDL data includes a PIN for confidential printing, the printer 503 does not print out the PJL data but stores it in a storage device (such as an HDD) inside the printer 503. Save the attached PDL data. When the user inputs the PIN via the operation panel of the printer 503, the printer 503 checks the input PIN against the PIN included in the PJL data, and if they match, determines the print job conditions (number of copies, trays) included in the PJL data. Printout in accordance with PDL data.

(3) A PIN cannot be set in the printer driver 503b.
If the printer 3 does not support confidential printing, the user is notified to select another printer that supports confidential printing, and the process ends without printing the document.

  In this way, after printing is performed, the printout of the document is not output from the printer 503 until the same PIN that was input before printing is input on the operation panel of the printer 503. Therefore, the printout of the document is not inadvertently left in the printer 503, and the leakage of the document due to the printout can be prevented.

  Further, communication with the printer 503 may be protected by SSL so that print data flowing on the network is not eavesdropped.

  Further, the document print program 521 may be linked with the user management of Windows (registered trademark) Domain so that the user is not required to input a PIN. For example, instead of prompting the user to enter a PIN, the user ID of the currently logged on user is acquired from the Windows (registered trademark) Domain, and the user ID is sent to the printer 503 along with the print data. The printer 503 receives a password input from the user on the operation panel, performs user authentication using the user ID and the password using a user authentication mechanism of Windows (registered trademark) Domain, and prints out if the user authentication is successful. good. The present invention is not limited to the Windows (registered trademark) Domain, and by linking it with user management that has been introduced in advance, it is possible to reduce troublesome PIN input for the user.

  Next, the operation of the document printing program 521 when EBC is set as the printing requirement will be described.

  (1) The document print program 521 generates data of barcode image data (or a two-dimensional code) indicating a document ID when printing a document in which EBC is set.

  (2) The document print program 521 sets the generated barcode image data as a stamp image in the printer driver 503b, and instructs the printer 503 to print.

  (3) If EBC cannot be set in the printer driver 503b, that is, if the printer 503 does not support the stamp function, the user is notified to select another printer that supports the stamp function, and printing is performed. The processing ends without executing.

  By doing so, a barcode is printed on each page of the document printout, and only a copier, fax machine, or scanner that can identify this barcode decodes the barcode to obtain the document ID. The access control server 504 can determine whether hard copy, image reading, fax transmission, and the like are permitted based on the document ID. As a result, security can be ensured consistently up to the paper document.

  Next, the operation of the document printing program 521 when BDP is set as the printing requirement will be described.

  (1) When printing a document for which BDP is set, the document print program 521 acquires the user name requesting printing and the printing date and time as character strings (for example, Ichiro, Aug. 04, 2002). 23:47:10).

  (2) The document print program 521 generates the copy-forgery-inhibited pattern image so that the generated character string is raised when the printout of the document is copied by the copying machine.

  (3) The document print program 521 sets the generated copy-forgery-inhibited pattern image as a stamp in the printer driver 503b, and instructs the printer 503 to print the document.

  (4) If BDP cannot be set in the printer driver 503b, that is, if the printer 503 does not support copy-forgery-inhibited pattern printing, the user is notified to select another printer that supports copy-forgery-inhibited pattern printing, and printing is performed. The process ends without performing.

  In this way, the name of the user who executed the printing process and the date and time are printed as copy-forgery-inhibited patterns on each page of the printout of the document. When the printout is processed by a copier, a scanner, or a fax, a character string appears. It will be. This is effective when a copying machine that does not support EBC is used, and has a deterrent effect on information leakage due to copying a printout of a document.

  Next, the operation of the document printing program 521 when SLS is set as the printing requirement will be described.

  (1) When printing a document file in which the SLS is set, the document printing program 521 selects an image prepared in advance according to the confidential level of the document (in the case of Top Secret, a mark of “secret”). Etc.).

  (2) The data of the selected image is set as a stamp in the printer driver 503b, and the printer 503 is instructed to print.

  (3) If the SLS cannot be set in the printer driver 503b, that is, if the printer 503 does not support the SLS, the user is notified to select another printer that supports the label stamp, and the printing is performed. The process ends without performing.

  By doing so, “top secret” or “secret” is automatically printed as a stamp on the printout of the document file, so that it is clear that the document is a confidential document. That is, it is possible to call attention to the management of the person who has the printout.

  The above examples are only examples of printing requirements. For example, print a digital watermark to prevent falsification, or print a protected document on special paper. Limited to a tray).

  As described above, by setting a security policy by using various security functions supported by the printer 503, it is possible to ensure the security of the printer 503 without any waste, by using the security functions without waste. Become. This is the same in the system configuration of each embodiment described above.

  Screens provided by a common user in each of the above embodiments will be described with reference to FIGS.

  FIG. 22 is a diagram illustrating an example of a screen displayed when accessing the electronic file management device. In FIG. 22, for example, when the user as an administrator selects the document management 551 displayed on the screen 550 of the client used by the user, a dialog 552 for authenticating the user is displayed. When the user inputs the user name and password in the user name and password input area 553 on the screen 552 and clicks the OK button 554 to execute authentication, the electronic file management device 511 performs user authentication. On the other hand, when the user clicks the cancel button 555, access to the electronic file management device 511 is canceled.

  When the user is successfully authenticated, a list of documents managed by the electronic file management device 501 is displayed as shown in FIG. 23, for example, as follows. FIG. 23 is a diagram illustrating an example of a screen that displays a list of documents managed by the electronic file management device.

  In FIG. 23, a screen 560 is a scene displayed when the user authentication is successful, and displays a list of documents managed by the electronic file management device 501.

  As a document list, folder 1, folder 2, folder 3, and folder 4, document 01, document 02, and document 03 are displayed. Folders 1 to 4 are displayed, for example, as icons indicating the shape of the folder, and documents 01 to 03 are displayed, for example, as thumbnails.

  For example, when the user selects the document 02, a document reference request is transmitted to the electronic file management device 501, and the access right to the document 02 is confirmed. If the user has the reference right, only the protected document of the document 02 is presented to the client.

  FIG. 24 is a diagram illustrating an example of a screen on which a protected document is presented. In FIG. 24, on a screen 570, an icon 571 indicates that a protected document of document 02 is provided as document 02. For example, the icon 571 indicates a PDF file, and when displayed in a valid state, indicates that only the protected document of the document 02 can be accessed.

  In the thumbnail 572 indicating the document 02, for example, an icon 573 indicating the MS Word (registered trademark) file format of the original document is displayed at the left end.

  On the client side, a dialog 574 may be displayed in order to open the protected document of the document 02, and the one input in the previous user authentication, for which the user authentication is required again, may be automatically used.

  When authentication based on the authentication information set in the dialog 574 is cooperative, for example, a screen as shown in FIG. 25 is displayed. FIG. 25 is a diagram illustrating a state where the protected document is opened.

  In FIG. 25, a screen 580 displays the opened protected document when the user authentication for the protected document of the document 02 is successful and the user has the right to open the protected document.

  Then, the user can refer to the contents of the protected document of the document 02, and can print this protected document if he has the print authority. That is, when the user clicks on the icon 581 for printing, it is confirmed whether or not the user has the print authority, and processing is performed so as to satisfy the security requirements for the document 02 specified and printed. .

  On the other hand, a case where the user refers to the original document 02 on the screen 570 shown in FIG. 24 will be described with reference to FIG. FIG. 26 is a diagram illustrating an example of a screen when the user does not have the original reference authority.

  In FIG. 26, when the user attempts to access the original document 02 by clicking the icon 575, it is determined whether the user has the right to access the original document 02. If the user does not have the authority to refer to the original document 02, a dialog 576 showing a message such as "The original authority to refer to the document by the security policy is not granted" is displayed. Therefore, the user cannot refer to the original document 02.

  Each of the above-described embodiments is a preferred embodiment of the present invention, and can be variously modified and implemented without departing from the gist of the present invention.

  For example, the contents of various documents (electronic files) used in the above-described embodiments are not limited to documents, and may be, for example, a document file including an image or an image file.

  Further, the electronic file management device according to the present invention includes the input device and the display device. However, the present invention is not limited to this configuration. For example, the electronic file management device is connected to the user by a user terminal connected via a network. May be received or output from the electronic file management device to a display device or an external recording device connected via a network.

  When a printer is connected to an electronic file management device or a printing terminal and used for output, even if the printer is connected via a network, the printer is integrated with the electronic file management device or the printing terminal. You may.

  Also, when there are a plurality of storage devices, if it is possible to confirm that an ACL or the like has been assigned (for example, associating and storing as described above), each of the document pairs or the ACL is stored in a different storage unit. It may be stored.

  In the above, the embodiment in the case of using the user-based access control model as the document protection program has been described. However, if the information for managing the access authority can be set and the electronic file can be managed. The present invention is not limited to this. For example, when a document protection program of a policy-based access control model is used, the present invention can be similarly applied as basically the same mechanism except that access is controlled according to a policy instead of an ACL.

FIG. 1 is a diagram illustrating an electronic file management device according to a first embodiment of the present invention. FIG. 3 is a diagram illustrating a configuration example of an ACL. FIG. 1 is a diagram illustrating a configuration of a document protection / printing system. FIG. 3 is a diagram illustrating a functional configuration realized by a document management program according to the first embodiment. FIG. 9 is a diagram illustrating an operation of a document protection program. FIG. 4 is a diagram illustrating a structure example of information recorded in an ACL database. FIG. 6 is a diagram showing a flow of operations of a document print program and an access control server. FIG. 9 is a diagram illustrating an example of an inquiry by SOAP to access control. FIG. 2 is a diagram illustrating another example of the electronic file management device according to the first embodiment of the present invention. It is a figure showing the electronic file management device concerning a 2nd embodiment of the present invention. FIG. 11 is a diagram illustrating another example of the electronic file management device according to the second embodiment of the present invention. FIG. 9 is a diagram illustrating a functional configuration realized by a document management program according to a second embodiment. FIG. 13 is a diagram illustrating an example of an electronic file management device according to a third embodiment. FIG. 14 is a diagram illustrating another example of the electronic file management device according to the third embodiment of the present invention. FIG. 13 is a diagram illustrating a functional configuration realized by a document management program according to a third embodiment. It is a figure showing the electronic file management device concerning a 4th embodiment of the present invention. It is a figure showing other examples of an electronic file management device concerning a 4th embodiment of the present invention. FIG. 14 is a diagram illustrating a functional configuration realized by a document management program according to a fourth embodiment. FIG. 3 is a diagram illustrating an example of a security function of the printer. FIG. 9 is a diagram illustrating processing when printing a document in which a PAC is set. It is a figure showing a dialog of PIN input. FIG. 7 is a diagram illustrating an example of a screen displayed when accessing the electronic file management device. FIG. 7 is a diagram illustrating an example of a screen displaying a list of documents managed by the electronic file management device. It is a figure showing the example of a screen where a protection document is shown. It is a figure showing the state where the protection document was opened. It is a figure showing the example of a screen when a user does not have original reference authority.

Explanation of reference numerals

11 Document 12 ACL
13 Protected document 21 Document management program 23 Document management DB
Reference Signs List 501 Electronic file management device 502 Printing terminal 503 Printer 504 Access control server 511 Document protection program 521 Document printing program 541 User database 542 ACL database

Claims (11)

An electronic file storage area for storing electronic files,
Electronic file management means for adding access authority information to the electronic file and storing the electronic file in the electronic file storage area;
An electronic file management device comprising: a protected electronic file output unit that outputs a protected electronic file obtained by encrypting and protecting the electronic file in response to the access request to the electronic file. The electronic file management means includes:
Upon receiving the electronic file storage request, the electronic file is encrypted to obtain the protected electronic file, and the electronic file is associated with the protected electronic file and stored in the electronic file storage area. The electronic file management device according to claim 1, wherein The electronic file management means includes:
Upon receiving the storage request for the electronic file, the protected electronic file protected by encrypting the electronic file is obtained, and the protected electronic file is stored in the electronic file storage area instead of storing the electronic file. The electronic file management device according to claim 1, wherein the electronic file management device stores the electronic file. The above-mentioned protected electronic file output means,
2. The electronic file according to claim 1, wherein upon receiving a request for access to the electronic file, the protected electronic file protected by encrypting the electronic file is obtained, and the protected electronic file is output. Management device. The electronic file management means includes:
2. The electronic file storage area according to claim 1, wherein the electronic file and the protected electronic file are received when the electronic file is requested to be stored, and the electronic file and the protected electronic file are stored in the electronic file storage area in association with each other. Electronic file management device.   A protected electronic file obtaining unit that obtains the protected electronic file by transmitting the electronic file and the access right information to an external unit that encrypts the electronic file, and provides the protected electronic file to the electronic file management unit. The electronic file management device according to claim 1, further comprising:   7. The electronic file management device according to claim 1, wherein the protected electronic file is encrypted based on the access right information.   Upon receiving a request to access the unprotected electronic file, the protected electronic file output unit determines whether or not the user has an access right to the unprotected document, and rejects the access based on the determination result. 7. The electronic file management device according to claim 1, wherein: An electronic file management procedure for adding access authority information to the electronic file and storing the electronic file in an electronic file storage area;
A computer-executable program for causing a computer to execute a protected electronic file output procedure of outputting a protected electronic file obtained by encrypting and protecting the electronic file in response to the access request to the electronic file. In response to the access request, manage the electronic file to provide a protected electronic file that has been protected by encrypting the electronic file based on the access authority information,
Obtain the protected electronic file in response to a processing request for the electronic file,
A file access control method, wherein when the protected electronic file has been successfully decrypted, the process is controlled for the decrypted protected electronic file according to the access right information. Electronic file identification information for identifying the electronic file, a key for decrypting the protected electronic file, and manages the access control information,
At the time of the processing request, obtain user authentication information for authenticating the user who made the processing request, the electronic file identification information, and the processing type,
If the user authentication is successful, determine whether to permit or reject the process based on the access authority information, and obtain the processing requirements and the key specified when permitting the process based on the determination result. And
Decrypting the protected electronic file with the key,
A file access control method characterized by controlling the processing according to the processing requirements.

Images