JP2005141483A - Document providing server - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a document providing server for ensuring the security of a document to be provided without sacrificing the convenience of a user. <P>SOLUTION: A document providing apparatus 20 for ensuring the security of contents of a document by adding restriction to the contents of the document and outputting it is provided with: a control table 25 in which the rank of restriction contents added to output contents of the document is stored corresponding to a referrer ID showing a referrer who refers to the document and preparer ID showing the preparer of the document; and a data analyzing part 22 which acquires the rank of the restriction contents applied to the document contents by retrieving the control table 25 according to a command from a user. <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to a document providing apparatus, and more particularly to a document providing apparatus capable of ensuring the security of a document to be provided.

  When printing an electronic document stored in a memory device, a system is known in which the security of the electronic document is secured by adding a restriction to printing execution for each user or group of users.

  In addition, when the electronic document is transmitted using e-mail, for example, e-mail transmission is restricted based on information of the e-mail source and destination, and when the file is saved, There is also known a system that secures the security of an electronic document by limiting the file storage process for each user who executes the process.

  For example, in Japanese Patent Laid-Open No. 2004-260, an importance level for permitting execution of printing to a user or a group of users is set, and an importance level is similarly set for a printer that performs printing. Print important documents with a less important printer, that is, a printer that can be viewed by anyone, by automatically selecting the printer with the assigned importance when printing information In this case, a printing system that can prevent unauthorized viewing by a third party or an unspecified number of people is shown.

Further, in Patent Document 2, when a security level is set for each component of an HTML document and a user issues a print instruction to a document in the document server, the security level of the document acquired from the document server There is shown a document providing apparatus capable of determining whether or not disclosure is possible for each component of a document by comparing user security levels, and replacing the element with a hidden character when disclosure is not possible.
JP 2001-142668 A JP 2001-325249 A

  As the method for restricting the execution of printing for each user or user group, only one of print permission and print prohibition can be set. For this reason, a user who is prohibited from printing cannot print a document necessary for business. On the other hand, a user who is permitted to print can print all accessible documents.

  When the user who is prohibited from printing needs to print a document necessary for business, for example, the administrator can set the time for which printing is permitted or the number of times of printing to permit limited printing. . However, if such a measure is taken, all documents can be printed within the permitted period or number of times, and thus document security cannot be sufficiently ensured.

  The system disclosed in Patent Document 1 is a method in which the printing press is changed according to the importance set by the user when printing is performed. In this method, an unauthorized user cannot print using a printer used by a third party. However, since there is no restriction on the content of the data to be printed, there is a possibility that important printed information may be illegally viewed by a third party. In addition, a user who is not permitted to print cannot print not only highly important documents but also less important documents.

  In the apparatus shown in Patent Document 2, a security level is set for each component of an HTML document, and the disclosure range can be limited by the set level. However, in this apparatus, it is necessary to set a security level for each component, and it is a technique for a document having a security level such as a tag such as HTML, and for a general-purpose document. It is not possible.

  The present invention has been made in view of these problems. The document creator and the referrer do not make any special preparation in the document exclusively for security without impairing the convenience of the user. A document providing server device capable of ensuring the security of the document to be provided is provided.

  In order to solve the above problems, the present invention employs the following means.

  A document providing apparatus that secures the security of a document content by outputting the content of the document with restrictions, and a creation that represents a creator ID that represents a referrer who refers to the document and a creator of the document Corresponding to the user ID, a control table storing the rank of restriction contents to be added to the output contents of the document and a search of the control table based on a command from the user to obtain the rank of restriction contents to be added to the document contents A data analysis unit is provided.

  Here, the output of the document includes not only printing but also all movements of the contents of the document such as transmission, storage, and display.

  Since the present invention has the above-described configuration, it is possible to provide a document providing apparatus that can ensure the security of a document to be provided without impairing user convenience.

  Hereinafter, the best embodiment will be described with reference to the accompanying drawings. FIG. 1 is a diagram for explaining a general network configuration to which the document providing apparatus according to this embodiment can be applied. In the figure, reference numerals 10 and 11 denote terminals, which are constituted by a PC, a PDA (Personal Digital Aassistants) or the like. Reference numeral 20 denotes a server device constituting the document providing device, which has functions such as a file server, a printer server, a database server, and a mail server. This function can also be provided in the terminal. A printer 30 receives a print execution command issued by the server apparatus 20 and executes printing.

  The user inputs user identification information such as a user ID when using the terminals 10 and 11. As a result, a plurality of users can use the same terminal. At this time, for user authentication, user authentication can be performed by means such as an IC card or biometric authentication. In addition, it is possible to authenticate the use authority for the shared resource and permit only the authenticated user to use the shared resource.

  FIG. 2 is a diagram for explaining the format of document data to be processed. The document data 200 includes a document creator identification number 201 such as a creator ID and content 201. The creator ID 201 may be information identifying the document creator or information identifying the document creator's security group. Also, the method and format for embedding the creator identification number 201 in the document is not dedicated to security, and may depend on the corresponding application software function. For example, in some document software, the user ID of the personal computer is written simultaneously with the document creation.

  3A and 3B are diagrams for explaining examples of command messages and report messages that are transmitted and received between the terminal and the server device. FIG. 3A shows a command message, and FIG. 3B shows a report message.

  The command message 300 includes a user ID (FROM) 301 that issued the command, a destination user (TO) ID (printer ID when the destination is a printer) 302, a command (printing, mail transmission, storage in a file, display, etc.) 303, The target document data 304 is provided. The report message 310 includes report data such as print completion, print inhibition, and print error. The format of the command message may be different depending on printing, display, and transmission, and may be a combination of a plurality of messages instead of a single message.

  FIG. 4 is a block diagram illustrating functions of the printer server in the server device 20. As shown in the figure, the server device 20 includes a data transmitting / receiving unit 21 that receives a command message 300 issued from the terminal 10, a spool 24 that stores the received message command, and a print control that stores information for restricting printing. The data analysis unit 22 that determines and acquires the print restriction rank based on the table 25, the command message, and the print control table, and the print control unit 23 that issues a print request to the printer 30 based on the acquired print restriction rank are provided.

  FIG. 5 is a diagram for explaining information to be set in each field (command 303, user ID (FROM) 301, destination user ID (TO) 302, document data 304) in the command message 300 shown in FIG. is there.

  When printing is performed, the terminal 10 or 11 issues a print command to the printer 30 via the server device 20. At this time, an instruction to execute printing is set in the command 303, the ID of the user using the terminal 10 or 11 is set in the user ID (FROM) 301, and the printer is set in the destination user ID (TO) 302. 30 ID is set, and document data to be printed is set in the document data 304.

  At the time of mail transmission, the terminal 10 or 11 issues a transmission command to a mail transmission function (not shown) via the server device 20. At this time, a command for sending mail is set in the command 303, the ID of the user using the terminal 10 or 11 is set in the user ID (FROM) 301, and mail is sent to the destination user ID (TO) 302. The ID of the receiving user is set, and the document data to be transmitted is set in the document data 304. The document data 304 is in the format of the document data 200 shown in FIG.

  During file storage, the terminal 10 or 11 issues a file storage command to a file server function (not shown) via the server device 20. At this time, a command for storing a file is set in the command 303, the ID of the user using the terminal 10 or 11 is set in the user ID (FROM) 301, and the recording medium is set in the destination ID (TO) 302. Information (recording medium ID, recording area, etc.) to be stored is set, and document data to be printed is set in the document data 304.

  FIG. 6 is a diagram for explaining the security group table 5 stored in the control table 25 of the server device 20. In the figure, 50 indicates a user ID, and 51 indicates a security group including a user having the user ID. In this example, it is classified by department such as design and personnel, but it may be classified by job title or other classification. When disclosing diagnostic information at a hospital, a pharmacy, or the like, a security group including these members may be set according to the situation of the members such as staff and patients as users.

  FIG. 7 is a diagram for explaining the limit rank table stored in the control table 25. The restriction rank is a combination of the security group 61 to which the document creator (document creator ID) belongs, the security group 62 to which the document reference source (terminal user ID) belongs, and the detailed classifications 610 and 620 of these groups. The limit rank set according to In this example, the print restriction rank is classified and set into five ranks including no restriction and restriction 1 to restriction 4.

  For example, if “design” tries to refer to a document created by “HR”, it means that the document is subject to restriction of restriction rank 3. If the “officer” refers to a similar document, it indicates that there is no restriction.

  When the server device 20 receives the command message shown in FIG. 5, the server device 20 uses the security group including the creator ID of the document creator of the document data 304 as the security group 61 of the document creator. If the command is a print command or a file storage command, the security group 62 including the user ID (FROM) 301 is used as the document reference source security group.

  In the case of a mail transmission command, the security group 61 including the creator ID of the document creator of the document data 304 attached to the mail is set as the security group 61 of the document creator. In addition, a security group including the user ID (FROM) 301 or a security group including the destination ID (TO) 302 is used as a document reference source security group.

  FIG. 8 is a diagram for explaining the details of the limit rank definition table 7 stored in the print control table 25 of the server device 20. The limit rank definition table 7 represents the limit rank and the details of the limit performed according to the limit rank.

In the figure, reference numeral 71 denotes a restriction rank field. In this example, restriction ranks 1 to 4 and no restriction shown in FIG. 7 are set. Reference numeral 72 denotes a limit action field, which sets a limit action corresponding to the limit rank shown in the limit rank field 71. Examples of the restriction operation include keyword replacement, display restriction, printing restriction, mail transmission restriction, etc. Reference numeral 73 denotes a target keyword field, in which a restriction target keyword corresponding to the restriction rank is set. When the data analysis unit 22 detects the target keyword from the document, the data analysis unit 22 performs restrictions such as keyword replacement, document display restriction, printing restriction, and mail transmission restriction.

  Reference numeral 74 denotes a replacement word field. When the limiting operation in the limiting operation field is replacement, the target keyword is replaced with a replacement word in the replacement word field. For example, when the keyword “project A” is found in the document data that receives the restriction rank 1, it is replaced with the keyword “Pa”. Further, if the keyword “confidential” is found in the document data of restriction rank 3, all output actions (display, printing, mail transmission, file storage, etc.) are prohibited.

  FIG. 9 is a diagram for explaining processing when printing a document from the terminal 10 to the printer 30 via the server device 20. The print target document is, for example, a document created by a user using the terminal 10, and this document is input to the terminal 11 using a recording medium such as an FD.

  In step 80, the user executes a print command via the terminal 10. The print command 300 is transmitted from the terminal 10 to the server device 20. In step 81, the server device 20 that has received the print command 300 performs a print request reception process. In this processing, as shown in FIG. 4, the data reception unit 21 receives a print command 300 and stores the received print command in the spool 24.

  Next, in step 82, print data analysis processing is performed. The data analysis unit 22 extracts an unprocessed print command 300 from the spool 24 that stores the print command 300 shown in FIG. 4 and refers to the print control table 25 for the extracted print command, as will be described later. Various restriction processes (keyword replacement according to restriction rank, printing restriction, etc.) are performed.

  Next, in step 83, as described above, for example, the document (modified document) in which the keyword replacement according to the restriction rank is performed is transmitted to the printer 30, and the printing process is performed in step 84. In step 85, the limit rank value in the limit process or the print result such as the print result is reported to the terminal 10.

  FIG. 10 is a diagram for explaining the details of the print data analysis process (step 82 in FIG. 9). First, in step 901, the command message 300 is read from the spool 24. Next, the user ID 301 (FROM) that issued the command is read from the read command message 300. Next, based on the user ID 301, the security group table 5 shown in FIG. 6 is referred to, and the detailed classification 620 of the security group to which the user who issued the command (document reference source) belongs is obtained.

  Similarly, the document data creator ID 201 is read from the document data 304 included in the command message 300, and the document data creator is referred to the security group table 5 shown in FIG. 6 based on the read creator ID 201. The detailed classification 610 of the security group to which (document creator) belongs is obtained.

  In step 902, based on the obtained detailed classification 620 and 610 of the security group, a corresponding restriction rank is obtained with reference to the restriction rank table 6 shown in FIG.

  Next, in steps 903 to 907, referring to the restriction rank definition table 7 shown in FIG. 8 based on the obtained restriction rank, a restriction operation according to the restriction rank is given.

  For example, when the limiting operation 72 is replacement, the content 202 of the document data is searched using the target keyword 73, and the searched keyword is replaced with the replacement word 74. Thereby, the content of the content 202 is corrected and changed.

  When the restriction operation 72 is print restriction, the content 202 of the document data is searched using the target keyword 73 (for example, “confidential”). If there is a keyword corresponding to the target keyword, printing of the content 202 is prohibited.

  Next, the above processing will be described by taking as an example the case where the command message command 303 is printed, the command issuing user ID (document reference source) 301 is UserB, and the document creator ID 201 of the document data 304 is UserA.

  First, in step 901, it is confirmed that the user IDs of User A and B are registered in the user names in FIG. 6 (the processing is stopped if they are not registered). Next, in order to obtain detailed information of the security groups to which User A and B belong, the security group table 5 is referred to based on the IDs of User A and User B, and the detailed classification of the security group to which User A belongs is “Design”. Information indicating that the detailed classification of the security group to which it belongs is “personnel” is acquired.

  In step 902, the restriction table 6 shown in FIG. 7 is referred to based on the acquired information. That is, when the detailed classification 620 of the document reference source security group is “personnel” and the detailed classification 610 of the document creation source security group is “design”, the restriction rank 1 can be obtained.

  Based on the limit rank 1, the limit operation can be determined by referring to the limit rank 71 of the limit rank table 7 shown in FIG. In this example, since the limit rank is 1, keyword replacement processing is performed.

  In this process, the content 202 is searched using the target keyword 73 corresponding to the restriction rank 1, and the keyword matching the target keyword 73 is changed to a replacement word. In this example, when the keywords “project A” and “research A” are present in the content 202, they are replaced with the corresponding replacement words 74 “Pa” and “Ra”, respectively (step 903).

  Further, when the limit rank acquired by referring to the limit table 6 shown in FIG. 7 is 3, by referring to the limit rank 71 of the limit rank table 7 shown in FIG. 8 based on the acquired limit rank 3 Determine the limiting action. Since the restriction rank is 3 in this example, the keywords “confidential” and “private” are searched in the content 202 of the document data 304, and if this keyword exists, printing is prohibited (step S1). 904).

  When the command issuing user ID (document reference source) is UserD and the creator ID (document creation source) is UserA, the security group table 5 is searched, and UserD and UserA are “security officer” and Information indicating that it belongs to “design” is acquired (step 901). Next, the restriction rank is obtained by referring to the restriction table 6 based on this information. In this case, the restriction rank is “no restriction” (step 902). If the restriction level is “no restriction”, no change or modification is made to the content 202 (step 907). That is, UserD (officer) can print the original document as it is.

  In the above description, it is assumed that the user uses the terminal 10 or 11 in common. However, the present invention can also be applied to the case where the terminal and the user are fixed and used on a one-to-one basis. Further, as ID as identification information, information specifying a user such as an IP address, a mail address, and a telephone number can be used. The security group itself may be used.

  In the above description, the description has been made on the premise that the document data is mainly printed. However, the present invention can be similarly applied to the transmission by e-mail, the storage of the document data, and the display of the document data as described above.

  For example, in the case of transmission by e-mail, the security group to which the creator ID of the document creator of the attached document data 304 belongs is regarded as the security group 61 of the document creator, and the terminal user ID (FROM) or destination ID is It can be similarly applied by regarding the security group to which the security group belongs as the security group of the document reference source. In the case of a mail text, the same applies if the mail sender is considered a document creator.

  Further, when storing document data in the FD, the security group to which the creator ID of the creator of the stored document data belongs is regarded as the security group 61 of the document creator. For example, “general” is the security of the document reference source. It is equally applicable by considering it as a group.

  Further, in the case of storing and displaying document data, it can be applied by setting a creation source and a reference source in the same manner as described above. A plurality of document creation sources and reference sources can be set using a plurality of management tables.

  As described above, according to the present embodiment, by setting various tables such as limit ranks, various restrictions can be set flexibly and regardless of the intention of the creator. Thereby, regardless of the output form of the document data, the output data can be flexibly limited, and it is possible to prevent information leakage and information outflow without impairing user convenience.

  In addition, regarding the printing, display, mail transmission, and the like of the created document data, detailed security management can be performed by combining the creator and the reference person, and information leakage can be prevented. Further, since it is not necessary to perform a special security process on the created document, it is possible to ensure a security level necessary for the organization without reducing the convenience for general users. Further, by changing the setting of the control table, it is possible to add fine security management processing, so that a highly scalable system can be created. Also, in this example, various control tables are provided in the server device 20 and an example of security control in the server device 20 has been shown. However, by distributing the same table to all terminals, the document providing device can also be used in each terminal. It is possible to perform similar security management.

It is a figure explaining the structure of the network which can apply the document provision server in this embodiment. It is a figure explaining the format of the document data used as a process target. It is a figure explaining the example of the command message and report message transmitted / received between a terminal and a server apparatus. It is a block diagram explaining the function of the printer server in a server apparatus. It is a figure explaining the information which should be set to each field in a command message. It is a figure explaining a security group table. It is a figure explaining a restriction rank table. It is a figure explaining an operation data server. It is a figure explaining the detail of a restriction rank definition table. It is a figure explaining the process in the case of printing a document to a printer via a server apparatus from a terminal. It is a figure explaining the detail of a print data analysis process.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10,11 Terminal 20 Server apparatus 21 Data transmission part 22 Data analysis part 23 Print control part 24 Spool 25 Print control table

Claims (13)

A document providing device that secures the security of the document content by outputting the document content with restrictions,
A control table storing ranks of restriction contents to be added to the output contents of the document, corresponding to a reference person ID representing a reference person who refers to the document and a creator ID representing the creator of the document;
An apparatus for providing a document, comprising: a data analysis unit that searches a control table based on a command from a user and obtains a rank of restriction contents to be added to the document contents. A document providing device that secures the security of the document content by outputting the document content with restrictions,
A security group to which a reference ID representing a reference referring to the document and a creator ID representing the creator of the document belong is set in advance, and the set security group is stored together with the reference ID and the creator ID. A control table having a restriction table storing a rank of restriction contents to be added to the output contents of the document for each security group to which the reference person belongs and the security group to which the creator of the document belongs;
An apparatus for providing a document, comprising: a data analysis unit that searches a control table based on a command from a user and obtains a rank of restriction contents to be added to the document contents. The document providing apparatus according to claim 1 or 2,
The data analysis unit outputs the document content with restrictions on the content of the document according to the acquired rank.   4. The document providing apparatus according to claim 3, wherein the restriction is processing of searching for a specific keyword from the document according to the acquired rank, and changing the searched keyword to another keyword to correct the document. A document providing apparatus characterized by being.    4. The document providing apparatus according to claim 3, wherein the restriction is processing for prohibiting output of the document according to the acquired rank.   4. The document providing apparatus according to claim 3, wherein the restriction is processing for prohibiting printing of the document according to the acquired rank. The document providing apparatus according to claim 1 or 2,
The document to be output is an e-mail, the creator ID of the body of the e-mail is set to a user ID representing the user of the terminal, and the reference ID is set to a destination ID representing the destination of the e-mail. Document providing device. The document providing apparatus according to claim 1 or 2,
The output document is an e-mail, the creator ID of the body of the e-mail is set to the user ID representing the user of the terminal, and the creator ID of the attached file is a creation representing the creator who actually created the attached file A document providing apparatus characterized in that a user ID is set and a referrer ID is set to a destination ID representing an e-mail destination.   A control table storing a reference ID representing a reference referring to a document output via a network and a rank of restriction contents to be added to the output contents of the document for each creator ID representing the creator of the document. A program for functioning as a data analysis means for retrieving a rank of restriction contents to be added to document contents by searching a control table based on a command from a user and a command from a user.   For each computer, a reference ID representing a reference referring to a document to be output via a network and a security group to which each of the creator IDs representing the creator of the document belongs are set in advance, and the set security group is referred to A means for storing a user ID table stored together with a creator ID and a creator ID, a restriction storing a rank of restriction contents to be added to the output contents of a document for each security group to which the referring person belongs and a security group to which a document creator belongs A program for functioning as a means for storing a table, and a data analysis means for searching the storage means based on a command from a user and obtaining a rank of restriction contents to be added to document contents. The program according to claim 9 or 10,
The document to be output is an e-mail, the creator ID of the body of the e-mail is set to a user ID representing the user of the terminal, and the reference ID is set to a destination ID representing the destination of the e-mail. Program to do. The program according to claim 9 or 10,
The output document is an e-mail, the creator ID of the body of the e-mail is set to the user ID representing the user of the terminal, and the creator ID of the attached file is a creation representing the creator who actually created the attached file A program characterized in that it is set to a person ID, and the referrer ID is set to a destination ID representing the destination of the e-mail. A document providing device that secures the security of the document content by outputting the document content with restrictions,
A control table storing ranks of restriction contents to be added to the output contents of a document, corresponding to information representing a security group to which a referrer referring to the document belongs and information representing a security group to which the creator of the document belongs,
An apparatus for providing a document, comprising: a data analysis unit that searches a control table based on a command from a user and obtains a rank of restriction contents to be added to the document contents.

Images