JP2007140846A - Data management system and data management method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a data management system and a data management method, allowing a user to easily confirm presence/absence of an access right to data wherein the access right is managed by the data management system by use of an RMS (Rights Management System). <P>SOLUTION: A document server 1100 and a client 1000 manage the data set with the access right by use of a policy management server 1200. It is decided whether or not policy is set to the data in reference to information related to the data held inside the document server 1200, and information of the policy management server issuing the policy is acquired. Next, information about the access right of the user to the data is inquired to the policy management server 1200, and the information about the access right of the user is acquired. The information related to the data is list-displayed on a screen together with the information about the access right of the user to the data. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a data management system and a data management method for managing a user's access right to data whose access right is managed using RMS (Rights Management System).

  In general, in a system for managing data such as documents and images (hereinafter referred to as “data management system”), an access right for each data is set for each user. Then, the access right of the user is determined at the time of access, and the operation is permitted or rejected. Examples of the access right mentioned here include a reference right, a read right, a write right, and a delete right. In addition, a combination of a plurality of combinations of users and access rights is referred to as a “policy”, and there is a technique for reducing the labor for setting access rights by assigning a policy to data such as a document.

  Furthermore, there is a method of displaying a list of documents of a plurality of document servers together with access rights (see, for example, Patent Document 1). According to the method of Patent Document 1, search results across a plurality of document servers can be displayed in a list together with access rights.

  The access right management by the conventional data management system as described above is effective only for documents inside the data management system. Therefore, for a document outside the data management system, for example, a method of encrypting the document, authenticating at the time of access, and confirming the access right is decrypted.

  Authentication / authorization (access right management) is often performed on a dedicated server. Access right management in this dedicated server is often performed with the above-mentioned policy. Therefore, hereinafter, the dedicated server is referred to as a “policy management server”. A system that realizes access right management using such a policy management server is called RMS (Rights Management System).

It is possible to store a document whose access right is managed using RMS in the data management system.
Japanese Patent Laying-Open No. 2005-085113

  However, in the conventional data management system as disclosed in Patent Document 1, it is not possible to confirm the access right managed by the RMS via a user interface (UI) such as a document list display screen. For this reason, the user cannot easily check the documents that he can access. Therefore, it is necessary for the user to check the access right by accessing the document one by one and inquiring the access permission to the policy management server, which is very inconvenient.

  The reason why the above problem occurs is that user authentication information of the policy management server is required when the data management system makes an inquiry to the policy management server. In order to eliminate this cause, it is necessary to request the user for authentication information to the policy management server and temporarily record the approximate authentication information. Therefore, the access right of the policy management server is acquired with the rough authentication information, and the result is displayed as a list via the UI.

  In consideration of such circumstances, the present invention provides a data management system and a data management method that allow a user to easily check whether or not there is access right to data whose access right is managed by the data management system using RMS. The purpose is to do.

In order to solve the above problems, the present invention provides a data management system for managing data for which access rights are set using a policy management server,
Holding means for holding the data together with information about the data;
A determination unit that determines whether or not an access right is set for the data with reference to the information about the data;
When an access right is set for the data, a first acquisition unit that acquires information of a policy management server that sets the access right;
Inquiry means for inquiring of the policy management server about information on the user's access right to the data with reference to the information of the policy management server;
Second acquisition means for acquiring information on the access right of the user to the data from the policy management server;
And display means for displaying information on the data together with information on the access right of the user to the data.

In order to solve the above-mentioned problem, the present invention provides a data management method in a system for managing data having access rights set together with information related to the data using a policy management server. ,
A determination step of determining whether an access right is set for the data with reference to the information about the data;
When an access right is set for the data, a first acquisition step of acquiring information of a policy management server that sets the access right;
An inquiry step of inquiring of the policy management server with reference to the information of the policy management server about information on a user's access right to the data;
A second acquisition step of acquiring information on the access right of the user to the data from the policy management server;
A display step of displaying information on the data on a display device together with information on an access right of the user to the data.

  ADVANTAGE OF THE INVENTION According to this invention, a user can confirm easily the presence or absence of the access right with respect to the data with which the access right is managed by the data management system using RMS, and a user's convenience can be improved.

  A preferred embodiment of a data management method in a data management system of the present invention will be described below with reference to the drawings by embodiments of a document management system that manages document data and an image forming apparatus that manages and forms images.

<< First Embodiment >>
In the present embodiment, an embodiment of the present invention will be described in detail by taking a document management system for managing document data as an example.

  FIG. 1 is a block diagram for explaining the configuration of a document management system and a policy management server according to the first embodiment of the present invention. The document management system according to this embodiment includes a client 1000 and a document server 1100 that operate on an operating system (OS) of a personal computer. The document server 1100 may be configured to connect a plurality of clients. Further, the document server 1100 and the client 1000 may be configured as a data management apparatus integrated in the information processing apparatus. An object of the document management system is to use an application to capture a document from a device (not shown) such as a scanner (original reading device) or a file on an OS and manage the document with a plurality of users. The policy management server 1200 manages control data called “policy” for controlling access to a document separately from the document management system. There may be a plurality of policy management servers. In the present embodiment, it is assumed that the client 1000, the document server 1100, and the policy management server are connected by a network such as a LAN configured by Ethernet (registered trademark) or the like.

<Client 1000>
First, a detailed configuration of the client 1000 will be described. The client 1000 can be broadly divided into a document input / output processing unit and a system internal processing unit.

[Document Input / Output Processing Unit]
First, a document input / output processing unit that performs document input / output and operations arranged in the client system will be described.

  As shown in FIG. 1, reference numeral 1001 denotes a user interface unit. A user performs various operations such as registration of a document, acquisition of a document from the document server 1100, and search of a document via the user interface unit 1001.

  Information operated from the user interface unit 1001 is analyzed by the command control unit 1002 and appropriate processing is performed. If necessary, a command for communicating with the document server 1100 is created here.

  The device control unit 1003 controls a device such as a scanner (not shown). The device control unit 1003 performs processing for downloading document data from the device side and receiving data transmitted from the device side.

  A document file saved under management by an OS such as a file system can be input to the document management system by the file control unit 1004 in a form of importing document data. Also, a process for exporting a file managed on the document server 1100 to the OS is performed here.

  The external module communication unit 1005 communicates with an external application, and performs processing such as passing a document in the document server 1100 to the external application and receiving a document from the external application. For example, a process of passing a document managed by a document server to a mailer corresponding to MAPI (Messaging Application Program Interface) is performed here.

[System internal processing section]
Next, various processing units arranged in the client 1000 will be described. The document management control unit 1006 performs processing according to the file or command passed from the input / output processing unit described above. The internal data storage unit 1007 stores temporary data. That is, it is a place for temporarily storing data created in the process of image processing, data created in the process of communication with the server, and the like.

  The communication control unit 1008 performs control for communicating with the document server 1100 and the policy management server 1200. The communication control unit 1008 in this embodiment performs only control specialized for the processing of the document server 1100 and the policy management server 1200, and the communication itself such as TCP / IP is controlled by the OS. is doing.

<Document Server 1100>
Next, a detailed configuration of the document server 1100 will be described. The document server 1100 can be broadly divided into a system internal processing unit and a database processing unit.

[System internal processing section]
First, various processing units arranged in the system of the document server 1100 will be described.

  The communication control unit 1101 controls communication with the communication control unit 1008 of the client 1000 and the communication control unit 1201 of the policy management server. The communication control unit 1008 of the document server 1100 can perform simultaneous communication with the communication control units of a plurality of clients.

  A document management processing unit 1102 controls processing on the document server 1100 side in response to an instruction from the client 1000. The internal data storage unit 1103 stores temporary data. That is, the internal data storage unit 1103 is a place for temporarily storing data and the like created in the process of communication with the client 1000. The internal data storage unit 1103 also stores authentication information caches in the policy management server 1200.

  The search control unit 1104 performs a process for searching requested by the client 1000, or performs a process for creating a search index for a registered document. The policy data processing unit 1105 determines whether or not there is a policy attached to the document, and performs processing for transmitting and confirming the policy data to the policy management server 1200. Further, the policy data processing unit 1105 is a part that processes an available authority list received from the policy management server 1200 and returns a policy confirmation result to the document management processing unit 1102. The policy data processing unit 1105 depends on the specification of the policy management server 1200.

[Database processing section]
Next, a database processing unit arranged in the system of the document server 1200 will be described.

  The database control unit 1106 creates data to be saved in the database, and performs processing for saving documents corresponding to the volume database, the attribute database, and the full-text search database. Further, the database control unit 1106 performs processing for extracting data from each database and creating a document to be passed to the client 1000 in response to a request from the client 1000.

  The volume database 1107 is a database that stores document entities. The volume database 1107 is conceptual and may be an OS file system. The attribute database 1108 is a database in which information about attributes such as a document name, creation date, and comments is stored. The attribute database 1108 also stores an access right manager for each document, access ID, policy management server 1200 information, policy ID, and policy management server 1200 policy information cache.

  In the full-text search database 1109, data obtained by using text data extracted from a registered document as index information is registered. When the full text search is performed by the client 1000, the full text search database 1109 is searched.

<Policy management server 1200>
Next, a policy management processing unit arranged in the policy management server 1200 will be described.

  The communication control unit 1201 performs control for communication with the communication control unit 1101 and the like in the system of the document server 1100. Note that the communication control unit 1201 of the policy management server 1200 can perform communication simultaneously with the communication control units of a plurality of clients.

  The policy management control unit 1202 performs processing according to the command passed from the communication control unit 1201. The policy issuing unit 1203 creates a policy. The database control unit 1204 creates data to be saved in the database and performs processing to save it in the policy management database 1205. In response to a request, processing is performed to extract data from each policy management database 1205 and create a document to be passed to the client 1000. The policy management database 1205 is a database in which policy information and user information managed by the policy management server 1200 are stored.

<Document data and related information>
FIG. 2 is a conceptual diagram of the data structure of information relating to documents registered in the attribute database 1108 in the document server 1100.

  In FIG. 2, 2001 indicates the route of the attribute database, and all registered data registered in the database is child data of the route 2001. Reference numeral 2002 denotes folder data, which is folder data for the user to store data. Folder data 2002 includes a folder ID, folder attribute information, and a parent folder ID. Since a plurality of folders can exist, the uppermost folder is registered as child data connected directly under the root as shown in 2003. In addition, the parent folder of the highest folder is root 2001.

  Reference numeral 2004 denotes document data, which exists as child data of the stored folder. The document data includes a document ID and document attribute information, a search index ID, a volume data ID, and a parent folder ID. Data such as a document name, update date and time, and comment data are stored as the document attribute information. The search index ID is an ID used by the full-text search database to distinguish documents. When a search engine is instructed to search for a keyword, the corresponding search ID is returned. The volume data ID is an ID registered in the volume database, and information related to a document can be extracted from each database using the ID. Since a plurality of document data can exist under the folder, the document data is registered as many as the number shown in 2005.

  FIG. 3 is a diagram showing a part of document attribute information held by the document management system. The information shown in FIG. 3 is stored in the attribute database 1108.

  In FIG. 3, the document ID is an ID assigned to the document, and is a unique value in the entire document management system. The parent folder ID is an ID of a folder in which those documents are included. Note that the document name of the document is used as the document name.

  The access right manager is a subject that controls the access right to the document, and takes the value of either the document management system or the policy management server 1200 here. The access right ID is set when the access right to the document is controlled by the document management system 1200. The policy management server information is the IP address of the policy management server that is set when the access right to the document is controlled using an external policy management server. The policy ID is a policy ID in the policy management server that is set when the access right to the document is controlled using an external policy management server. By using the policy ID, a policy can be specified from among a plurality of policies managed in the policy management server.

  FIG. 4 is a diagram showing access right information held by the document management system. The access right information shown in FIG. 4 is stored in the attribute database 1108. When the access right to the document is controlled by the document management system, the document management system refers to this information. There are four types of access rights: a delete right, a write right, a read right, and a reference right, and the access rights are strong in this order. That is, the delete right includes a write right, a read right, and a reference right.

  When the combination of the access right ID and the user ID does not exist in the access right information, it is assumed that the user does not have any access right for the document to which the access right ID is assigned.

  FIG. 5 is a diagram showing a cache of policy information of the policy management server 1200 held by the document management system. The cache shown in FIG. 5 is stored in the attribute database 1108. This cache is a partial copy of policy information held by the policy management server 1200, and is added each time policy information is acquired. When a policy change is notified from the policy management server 1200, the cache of the corresponding policy information is deleted.

  FIG. 6 is a cache of authentication information in the policy management server 1200 held by the document management system. This information is stored in an internal data storage unit 1103 that stores temporary data. This information is used so that authentication information for the policy management server 1200 is not repeatedly requested from the user.

  The authentication information may be held as a credential, or may be held as a combination of a user name and a password. When the authentication information is included as the credential, the expiration date of the authentication information is controlled by the management control unit 1202 of the policy management server 1200. On the other hand, when the authentication information has a combination of a user name and a password, the expiration date of the authentication information is controlled by the document management control unit 1102 of the document management system. In the present embodiment, the credential is some information used when the user authenticates to the policy management server. Credentials include, for example, information for proving the user, an encryption key used when performing an authentication session with the policy management server, signature information, and the like. Although the password is managed as an item different from the credential in FIG. 6, the password may be managed as one of the credentials.

  In addition, information is added to this information when authentication to the policy management server 1200 is successful. And this information is deleted when the authentication is invalidated.

<Document registration process>
FIG. 7 is a flowchart for explaining a basic processing procedure when registering a document. The present embodiment is characterized in that policy information is recorded. This is an implementation for suppressing deterioration in processing speed due to extraction of policy information when displaying a list of documents. The flowchart in FIG. 7 is executed by a CPU (not shown) of the document server 1100.

  First, the document management control unit 1102 stores the document in the volume database 1106 (step S701). Next, the document management control unit 1102 assigns a document ID to the document, and stores the document attribute information, search index ID, volume data ID, and parent folder ID shown in FIG. 2 in the attribute database 1108 (step S702).

  Then, the policy data control unit 1104 acquires information for determining whether or not a policy is assigned to the document (step S703). Information for determining whether or not a policy is assigned may be referred to, for example, if the document is provided with a flag indicating the presence or absence of the policy. Further, it may be referred to whether or not the IP address of the policy management server to be referred to is described in the document. Further, it may be referred to whether an identifier for specifying the document to be used in the policy management server is described in the document. Then, the acquisition result is determined (step S704). As a result, if a policy is assigned to the document (Yes), the process proceeds to step S705. If not (No), the process proceeds to step S706.

  In step S705, the policy data control unit 1104 acquires the policy management server information of the document. Then, the policy management server 1200 is accessed based on the acquired policy management server information, and the policy ID of the document is acquired. Furthermore, access right information corresponding to the policy ID is also acquired. Here, only one of the policy ID and the access right information corresponding to the policy ID may be acquired without acquiring both. Then, the process proceeds to step S706.

  In step S706, the document management control unit 1102 stores the access right manager, access right ID, policy management server information, and policy ID shown in FIG.

  Depending on the embodiment, it may not be necessary to extract the policy information in advance. In this case, the processes in steps S703 to S706 may be executed in a list display process for documents in a folder, which will be described later, or at any other timing.

<Document list display processing>
FIG. 8 is a flowchart for explaining a basic processing procedure of the list display processing of documents in the folder. In this embodiment, the document server 1100 communicates with the policy management server 1200 to acquire the access right of the document to which the policy is added. A list of documents in the folder including the acquired access right information is displayed on the user interface 1001 of the client 1000 in association with the document name and the like. In this flowchart, steps S801 to S816 are executed by a CPU (not shown) of the document server 1100, and step S817 is executed by a CPU (not shown) of the client 1000.

  First, the document management control unit 1102 acquires a document list that belongs to a folder for which a list is displayed (step S801). At this time, the document list is acquired from the attribute database 1108 through the database control unit 1106. Hereinafter, when acquiring information in the attribute database 1108, the same processing is performed. Then, the processes in steps S803 to S816 are repeated for each document in the document list obtained in step S801.

  In step S803, the document management control unit 1102 acquires an access right manager for the document, and determines the access right manager. As a result, if the access right manager is the policy management server, the process proceeds to step S804. On the other hand, if the access right manager is a document management system, the process advances to step S814.

  In step S804, the document management control unit 1102 acquires the policy management server information and policy ID of the document. Next, the document management control unit 1102 determines whether or not the access right of the operation user for the policy is registered in the access right information (step S805). As a result, when the access right is registered (Yes), the process proceeds to step S815. On the other hand, if the access right is not registered (No), the process proceeds to step S806. Note that step S804 and step S813, which will be described later, are intended to reduce the amount of communication and improve the responsiveness by suppressing the number of access rights inquiries to the policy management server 1200.

  In step S 806, the document management control unit 1102 determines whether the authentication information of the policy management server 1200 of the operating user is registered in the authentication information cache in the policy management server 1200. As a result, if registered, the process proceeds to step S809. On the other hand, if not registered, the process proceeds to step S807. Note that Step S806 and Steps S811 and S812, which will be described later, are intended to reduce the number of authentication information requests to the user and improve convenience.

  In step S807, the document management control unit 1102 requests authentication information for the policy management server 1200 from the user through the communication control unit 1101. This request is finally transmitted to the user interface 1001 of the client 1000 and becomes an inquiry to the user.

  In step S <b> 808, the user interface 1001 of the client 1000 receives authentication information for the policy management server 1200. Then, the policy data processing unit 1104 inquires the access right for the operation user of the document (step S809). This is an inquiry to the policy management server 1200 through the communication control unit 1101. At this time, an inquiry is made with the authentication information input in step S808 or the authentication information acquired from the cache in step S806.

  In step S810, the document management control unit 1102 determines whether the inquiry in step S809 has been successful. As a result, if the inquiry is successful (Yes), the process proceeds to step S812, and if the inquiry fails (No), the process proceeds to step S811. In step S811, when the authentication information of the policy management server 1200 of the operating user is registered in the authentication information cache in the policy management server 1200, the document management control unit 1102 deletes the information. This is because there is a high possibility that the authentication information is already invalid. Then, the process returns to step S807.

  On the other hand, in step S812, the document management control unit 1102 registers the authentication information of the policy management server 1200 in the authentication information cache in the policy management server 1200. Next, the document management control unit 1102 registers the access right of the operating user for the policy acquired by the inquiry in step S809 in the access right information (step S813). Then, the process proceeds to step S815.

  In step S814, the document management control unit 1102 acquires the access right of the operating user for the document from the access right information, and the process advances to step S815.

  In step S815, the document management control unit 1102 records the access right of the document acquired in step S805, step S809, or step S814 in the internal data storage unit 1103 that stores temporary data.

  The processes in steps S803 to S815 described above are repeated for each document in the document list obtained in step S801.

  Thereafter, in step S817, the document management control unit 1102 refers to the temporary data recorded in step S815 and displays a list of documents in the folder and their access rights. At this time, the document without access right is not displayed.

  FIG. 27 shows a list display example of documents in a folder displayed on the user interface 1001 of the client 1000 by executing the flow of FIG.

  The document list display 2700 includes, as items, a document name 2702, a document size 2704, a policy 2706, and an update date 2708. Other items may be displayed on the document list display 2700, and which items are displayed may be set in advance according to a user instruction.

  The access right information acquired from the policy management server 1200 by the document server 1100 by executing the flowchart of FIG. 8 is displayed in the policy 2706.

<< Second Embodiment >>
Next, a data management system including an image processing apparatus as a data management apparatus that has a function of accessing a server connected to a network and forms an image according to an access right associated with a document will be described as an example.

  In recent years, due to laws and regulations such as the Personal Information Protection Law, companies are required to take various measures to prevent leakage of business information. While electronic documents are very convenient for exchanging information, there is a great risk of information leakage due to high distribution.

  By using an application used to create an electronic document, it becomes possible to set an expiration date and access right for the electronic document in more detail. For example, in an electronic document such as PDF (Portable Document Format), not only the reference and change of the electronic document but also the expiration date of the electronic document, the printing of the electronic document, and the access right to the printing specification can be set. Here, the term of validity indicates a time limit for accessing an electronic document. Here, the access right for printing indicates that the user who handles the electronic document performs control of permission or prohibition of printing, and the access right for the printing specification means, for example, that watermark printing is always performed at the time of printing. Control to perform is shown. In addition, by cooperating with the user authentication system, it is possible to set the user who uses the electronic document in more detail.

  One method for managing information such as access rights applied to such electronic documents is a centralized management method. The centralized management method is a method in which a server on a network has an access right information database and the access right information for electronic documents is collectively managed by the server. In this method, in particular, since the creator of the electronic document can change the security policy at any time after the electronic document is distributed, the company can manage and monitor access regardless of where the electronic document is located.

  In this case, each electronic document holds license information (for example, a document ID for specifying the document) corresponding to access information held on the server, and information for specifying the server (server IP address, etc.). Has been. When using an electronic document, the access right information held in the server is acquired based on the license information, and the access right is applied to the electronic document. When an electronic document is copied and distributed, the copied document has the same license information, so even if the access right is changed, it is possible to give the same access right to all the copy destination documents. . In the centralized electronic document management method, the access right can be changed dynamically, but it is necessary to be connected to a network where the server exists.

  Conventionally, there has been known an image processing apparatus having a function (so-called box function) capable of printing out image data obtained by developing PDL data sent from a host computer via a network into a bitmap as follows. It has been. One such image processing apparatus is a digital multi-function peripheral (MFP). In the device, documents (image data) are stored in a non-volatile memory such as a hard disk in the device, a list of those documents is displayed on the operation panel, and the user selects an arbitrary document (image data). Read the selected document from. The box function also has a function of storing a document (image data) obtained by reading a document image by a scanner (document reading device) of the image processing apparatus in a hard disk or the like.

  Some of these image processing apparatuses can be connected to a finisher equipped with a finishing function such as stapling, punching, folding, bookbinding and the like. In such an image processing apparatus, the setting of the finishing function, the allocation of images such as both sides, and the like are stored in the memory as job information simultaneously with the storage of the input image data. It has a box function for printing out based on these job information asynchronously with image input. In such an image processing apparatus, a plurality of storage areas (hereinafter referred to as “boxes”) are prepared in the hard disk so that they can be used for each user or each department. The user can specify an arbitrary box and save the image data and job information as a job document (hereinafter also referred to as a document).

  The electronic document access management described above must be performed for all devices that can use or store the electronic document. That is, conventionally, there is an image processing apparatus provided with a large-capacity hard disk (HDD), but it is necessary to similarly grant an access right to an electronic document (image data) stored in the image processing apparatus. .

  The image processing apparatus receives PDL (page description language) data from the host computer via the network, develops the PDL data into a bitmap image (image data), and stores it in a box. At that time, by storing access right information and license information as attribute information of the image data, the image forming apparatus can apply the access right to the image data during processing such as printing of the image data. is there.

  That is, in order to take advantage of the access management of the electronic document described above, collaboration between the system for managing the access right information and a digital multi-function peripheral that is an image processing apparatus that plays a central role in the office is desired. Yes.

  However, it is difficult for the user to understand whether or not there are restrictions on various operations and access to each electronic document when a list is displayed on the operation panel or the like so that the user can use the document stored in the box of the image processing apparatus. Invited. For this reason, the user's work efficiency may be reduced.

  In addition, not all electronic documents stored in the box are necessarily managed by access. Some documents allow free access and are not considered to be managed by access. There was a problem that it was difficult to distinguish.

  Furthermore, when the creator of an electronic document extends the expiration date after the electronic document is distributed, the document that has expired (expired) at a certain timing for the user will be restored later. There was a problem of wanting to know easily that it was resurrected.

  Therefore, when displaying a list of documents in a box on the operation panel of the image processing apparatus, according to information such as the access right of each document, it is displayed together with restrictions such as whether access is possible, and access restrictions are set for the user in advance. Make it recognizable. Accordingly, an object of the present invention is to provide an image processing apparatus that improves the user's work efficiency. Also provided is an image processing apparatus capable of displaying a list of documents efficiently reflecting the latest access information.

  In the present embodiment, an image processing apparatus as a digital multi-function apparatus having a plurality of functions (also referred to as modes) such as a copy function, a print function, and a facsimile function, and an image processing system (hereinafter referred to as a system) including the apparatus. )) As an example.

  FIG. 9 is a block diagram showing a schematic configuration of an image forming system according to the second embodiment of the present invention. As shown in FIG. 9, in the image processing system according to this embodiment, an image processing apparatus 101, a host computer 102, a user authentication server 103, and a security policy server 104 are connected to each other via a network 105.

  Using the host computer 102, the user can create and edit an electronic document, and set an expiration date and access right information for the electronic document. The host computer 102 can also transmit job data for printing the created electronic document to the image processing apparatus 101 via the network 105.

  Further, the user authentication server 103 has a database that holds user information, confirms the legitimacy of a user who attempts to log in to the host computer 102 or the image processing apparatus 101, and performs user authentication. When there is a user login request at the host computer 102 or the image processing apparatus 101, the host computer 102 or the image processing apparatus 101 transmits user information to the user authentication server 103 to request user authentication. If the user authentication server 103 confirms the validity of the user information, the user can log on to the host computer 102 or the image processing apparatus 101.

  FIG. 21 is a diagram for explaining access right information held by the security policy server 104. The electronic document itself holds license information of the electronic document. As shown in FIG. 21, the access right information includes a document license ID 1301, a user name 1302, and an access right 1303.

  The document license ID 1301 is an ID for identifying a document included in the license information of each electronic document, and is also referred to as a document ID. A user name 1302 indicates a name uniquely given to a user who uses a document, and is managed by the user authentication server 103. The access right 1303 is set for each user. Here, in this embodiment, the access right is set for each user, but the access right may be set for a group to which the user belongs. In the access right 1303, permission / prohibition for an operation of referring to, changing, deleting, copying, and printing an electronic document, and an expiration date are defined. The column with a circle “◯” in FIG. 21 indicates “permitted”.

  A user who is not listed does not have any access right to the document. For example, in FIG. 21, the user B has no access right for the document whose document license ID is # 00003.

  FIG. 22 is a diagram illustrating an example of license information. The access right information held in the security policy server 104 is managed for each license ID of the electronic document. When using an electronic document, the security policy server 104 is requested to acquire access right information for the electronic document based on the license information held by the electronic document.

  The electronic document itself may hold not only license information but also access right information. In this case, for example, in a case where the server that manages the access right information cannot be accessed due to some factor, a system that substitutes the access right information held in the electronic document itself can be provided.

  The image processing apparatus 101 has a plurality of modes (a plurality of functions) such as a copy mode, a print mode, and a facsimile mode. Then, the image processing apparatus 101 can print-process job data read by the scanner engine of the own apparatus using a printer engine included in the own apparatus via a storage unit such as a hard disk included in the own apparatus. The image processing apparatus 101 also processes job data output from the host computer 102, job data output from another image processing apparatus (not shown), data output from an Internet facsimile apparatus (not shown), and the like. can do. Further, the image processing apparatus 101 has a configuration capable of transferring the job data to another apparatus via a communication unit included in the apparatus and executing various output processes.

  Further, the image processing apparatus 101 can print or store a document image read by a scanner (document reading apparatus) included in the image processing apparatus 101 in a hard disk. Further, the image processing apparatus 101 includes an automatic document feeder (so-called ADF) that can automatically and sequentially read a plurality of documents from the top page side in the scanner engine of the apparatus itself. Furthermore, the image processing apparatus 101 includes a plurality of paper feed units (paper feed cassettes) in its own printer engine. Then, recording media of different media types (for example, different types of recording paper, types of recording paper, etc.) can be stored for each paper feed unit. Optionally, a sheet can be fed from a sheet feeding unit desired by a user and printed by a printer engine.

  Furthermore, the image processing apparatus 101 has a so-called sort function for performing a sorting process of recording sheets printed by the printer engine and a stapling function for performing a stapling process on the recording sheets. Furthermore, the image processing apparatus 101 has a punch function for performing punching processing (also referred to as “perforation processing” or “punch processing”) on recording paper printed by the printer engine, and recording paper printed by the printer unit. Saddle stitch function for performing folding processing and bookbinding processing is provided. The image processing apparatus 101 includes a finisher as a sheet processing apparatus for executing the various sheet processing functions described above in the printer engine.

  FIG. 10 is a block diagram illustrating an internal configuration of the image processing apparatus 101. In FIG. 10, 201 is a CPU that controls the entire apparatus and performs various calculations, 202 is a ROM that stores a program that controls the entire apparatus, and 203 is a RAM that is used as a work area of the CPU 201 or as a buffer. In FIG. 10, reference numeral 204 denotes an HDD that stores a large amount of data and image data to be saved even when the power is turned off, and 205 denotes a communication interface (communication I / F) that serves as an interface with the network 105.

  Further, in FIG. 10, reference numeral 206 denotes a scanner engine that performs image reading processing from an original document, and 207 denotes a printer engine that performs processing for printing image data on a recording medium such as recording paper. Furthermore, in FIG. 10, 208 is provided with a touch panel type liquid crystal panel, various keys, etc., an operation panel for displaying information to the user and receiving an instruction input from the user, and 209 for connecting the above components to each other. An internal bus that transmits and receives data.

  FIG. 11 is a diagram showing an example of the key arrangement of the operation panel 208 of the image processing apparatus 101 according to the second embodiment of the present invention. As shown in FIG. 11, the operation panel 208 includes a numeric keypad 301, a start key 302, a touch panel type liquid crystal screen 303, a copy mode key 304, a box mode key 305, a transmission / fax mode key 306, and an extended mode key 307. .

  The numeric keypad 301 is used when inputting numerical values. A start key 302 is used to instruct the start of copying or the start of scanning. The mode keys 304 to 307 are also used when calling various function screens displayed on the liquid crystal screen 303 described later. A copy mode key 304 is used when selecting a copy function. A box mode key 305 is used when a box function is selected from a plurality of functions.

  The box function provides a storage area (this is referred to as a “box”) to the HDD in the image forming apparatus for each individual user or department, and stores image data obtained by developing PDL data or scanned image data therein. To do. This is a function that allows the user to perform various processes such as printing the image data at an arbitrary timing. A transmission / fax mode key 306 is used when data such as a document or job data is transmitted to a host computer or another device via a network. The extended mode key 307 is used when an operation is performed on PDL data.

  Reference numeral 308 denotes an ID key, which is used when shifting to an ID input mode for user authentication when using a copying machine. The liquid crystal screen 303 functions as an LCD touch panel in which a touch sensor is combined with an LCD, and an individual setting screen is displayed for each mode. Various detailed settings can be made by the user touching a key or the like displayed on the liquid crystal screen 303. Further, the user can see the operation status of the job executed by the screen displayed on the liquid crystal screen 303.

  The operation panel 208 is not limited to a touch panel UI, and may be configured to allow key operations using a pointing device such as a mouse operation, such as a printer driver. In any case, any configuration may be used as long as it can serve both as a display function for displaying various types of information and as an operation instruction function for inputting instructions from various users.

  FIG. 12 is a diagram illustrating an example of a logical usage method of the image data storage area in the HDD 204. In the present embodiment, the image data storage area in the HDD 204 is divided into a temporary area 401 and a box area 402 according to usage.

  The temporary area 401 is, for example, a storage area that changes the output order of image data or enables output in a single scan even when outputting a plurality of copies. The temporary area 401 is also a storage area for temporarily storing data before storing it in a box area or the like, or temporarily storing image data that has been developed in PDL, image data from a scanner, or the like. In either case, the data stored in the temporary area is deleted after the processing is completed.

  The box area 402 is a storage area for using the box function, and is divided into a plurality of smaller storage areas (boxes) 403 to 406 as shown in FIG. Boxes 403 to 406 are assigned to each department such as each user or company. The user can save a PDL job or a scan job as a job document in each box by designating the box. Along with the job document, job information and license information of the job document are also stored.

  Then, the user selects a box function by pressing a box mode key 305 on the operation panel 208. Then, the user can actually check the job document (file) in the box, and can perform various processes such as job setting change, print output, and job transfer.

  FIG. 13 is a flowchart for explaining a processing procedure when the user stores an electronic document in a box of the image processing apparatus 101. In FIG. 13, processing is divided into rectangles 501 and 502, where 501 indicates processing in the host computer 102 and 502 indicates processing in the image processing apparatus 101.

  First, when a user requests use of an electronic document in the host computer 102 (step S501), the host computer 102 displays a screen for prompting input of a user name and password as shown in FIG.

  FIG. 20 is a diagram illustrating an example of an input instruction screen displayed on the screen of the host computer 102. Then, the user inputs his / her user name and password on the screen (step S502). As a result, the host computer 102 requests the user authentication server 103 to confirm the validity of the user (step S503). As a result, when the validity is confirmed (Yes), the user login is successful. If the login is not successful (No), the host computer 102 displays an error message indicating that the login is not possible (step S505) and ends.

  If the login is successful, the host computer 102 transmits license information attached to the document to the security policy server 104 (step S506), and acquires access right information corresponding to the license information (step S507).

  Next, in the host computer 102, the user requests the image processing apparatus 101 to store an electronic document in a box (step S508). Then, the host computer 102 confirms the expiration date and access right for printing of the user from the access right information acquired in step S507 (step S509).

  As a result, if the expiration date has passed or printing is not permitted for the user, it is determined that printing is not possible (No), and the host computer 102 displays an error message to that effect (step S510) and ends. On the other hand, if it is within the expiration date and printing is permitted by the user (Yes), the host computer 102 generates print data in accordance with the access right of the user (Step S511). When the print data is generated, the print data is transmitted to the image processing apparatus 101 together with the license information attached to the electronic document (step S512).

  The image processing apparatus 101 determines that the received job is a job stored in a box, and converts the print data into image data (step S513). Then, the license information sent together with the print data is attached and stored in the box designated by the user (step S514).

  FIG. 14 is a diagram illustrating an example of a screen displayed on the liquid crystal screen 303 when the box mode key 305 of the operation panel 208 is pressed. This screen is a screen for allowing the user to select a box. In FIG. 14, 601 displays various information such as the box number, box name, or how much capacity the job document in the box occupies in the box area 402 of the HDD 204. Reference numerals 602 and 603 are vertical scroll keys, which are used to scroll the screen when more boxes than the number displayed in 601 are registered. A return key 604 is pressed when returning to the initial screen.

  When the user presses one of the box numbers on the screen displayed on the liquid crystal screen 303 shown in FIG. 14, the display transitions to the in-box screen shown in FIG. 15, and the user enters the job document in each box. It becomes accessible.

  FIG. 15 is an example of the in-box screen displayed on the liquid crystal screen 303 of the operation panel 208. In FIG. 15, reference numeral 701 denotes a list of job documents stored in the box, and a list of job document names of the job documents is displayed. At that time, the expiration date and access right of each job document are checked and reflected in the list display accordingly.

  First, it is displayed whether each job document is access-managed. In other words, an “access management” mark is displayed on a job document that is access-managed. For example, in FIG. 15, it is understood that “Organization chart_2004”, “Organization chart_2005”, and “Planning plan” are managed. On the other hand, the “access management” mark is not displayed in the “year-end party” and the “social gathering”, and it is understood that these are not managed. Any job document whose access is not managed can be freely accessed by anyone.

  If there is a job document whose expiration date has passed, the job document is grayed out with an “invalid” mark displayed. For example, in FIG. 15, the job document “Organization Chart_2004” has expired, and therefore an “expired” mark is added and grayed out.

  In addition, if there is a job document that is within the expiration date but the user does not have access rights, the job document is grayed out. In FIG. 15, a job document “plan” corresponds to this. Note that the user cannot select a job document displayed in gray out.

  In order to select a desired job document, the job document name of the job document is pressed. As a result, the currently selected job document is displayed in reverse video. For example, in FIG. 15, the job document “Social gathering” is displayed in black and white inversion, indicating that this “social gathering” is the selected job document. Note that the toggle display operation is performed, and the selection may be canceled when the job document name once selected is pressed again.

  In FIG. 15, reference numeral 702 denotes a scan key, which is used when an image is input as a job document from a scanner into a currently opened box, and transits to a scan setting screen (not shown). Reference numeral 703 denotes a print key which is used when printing the job document selected in 701, and shifts to a print setting screen (not shown).

  A setting change key 704 is a key for changing the print setting of the selected job document. However, it is assumed that the setting change key 704 can be pressed only when there is one selected job document. Note that setting change items in the setting change key 704 include addition of the number of prints and a print mode.

  On the other hand, reference numeral 705 denotes an erase key, which is used when the job document selected in 701 is erased. Reference numeral 706 denotes an update key, which is used when the access information is reacquired from the security policy server 104 and the display contents of the list of job documents displayed in 701 are updated to the latest information. Further, reference numerals 707 and 708 respectively denote up and down scroll keys, which are used to scroll the screen 701 when a number of job documents exceeding the display of 701 are registered. Reference numeral 709 denotes a return key, which is used to return to the screen shown in FIG.

  FIG. 16 is a flowchart for explaining a processing procedure for printing an image stored in a box by the user. This flowchart is realized by the CPU 201 of the image processing apparatus 101 loading a program stored in the ROM 202 or the HDD 204 into the RAM 203 and executing it. When the user presses the ID key 308 to request use of the device in the image processing apparatus 101 (step S801), a screen for prompting the user name and password input as shown in FIG. .

  When the user inputs his / her user name and password (step S802), the image processing apparatus 101 inquires the user authentication server 103 for confirmation of the user's validity based on the user name and password (step S803). Then, whether or not the login is successful is determined based on whether or not the validity is confirmed (step S804). That is, if the validity is confirmed, it is determined that the user has successfully logged in (Yes), and the process proceeds to step S806. On the other hand, if the login is not successful (No), the image processing apparatus 101 displays an error message indicating that the user cannot log in (step S805) and ends.

  If the login is successful (Yes), the image processing apparatus 101 allows the user to use the device and displays an initial screen on the operation panel 208. When the user presses the box mode key 305, the liquid crystal screen on the operation panel of the image processing apparatus 101 becomes a box selection screen as shown in FIG. Further, when the user selects a box to be processed on the liquid crystal screen (step S806), access information of all job documents in the box is acquired from the server (step S807). Details of the process of acquiring this access information from the server will be described later.

  Then, referring to the acquired access information, a list of job documents in the selected box as shown in FIG. 15 is displayed (step S808). Details of the process for displaying the list of job documents will be described later. Then, the user selects a job document to be processed on the job document selection screen shown in FIG. 15 displayed on the operation panel 208 and displays it in black and white reverse display (step S809). Then, the user presses the print key 703 to make a print request for the job document (step S810). As a result, the image processing apparatus 101 refers to the acquired access right information, and checks whether or not the user has access right for printing and the expiration date (step S811).

  As a result, if the logged-in user does not have the print access right or the expiration date has passed, it is determined that printing is not possible (No), and the image processing apparatus 101 displays an error message indicating that printing is not permitted. (Step S812) and the process ends. On the other hand, when printing is permitted (Yes), the image processing apparatus 101 performs printing (step S813).

  Next, details of the access information acquisition processing in step S807 in FIG. 16 will be described with reference to FIG. FIG. 17 is a flowchart for explaining a processing procedure for acquiring access information of all job documents in the box selected by the user from the server.

  Of the job documents in the box selected by the user, attention is paid to the first job document (step S901). Then, referring to the access information storage table, it is checked whether or not the job document is access-managed, that is, whether or not a license ID exists (step S902). Here, if the license ID is “none” (No), it indicates that the job document is not managed by access, so it is confirmed whether or not all job documents in the box have been processed (step S906). . If the process has been completed in step S906 (Yes), the process ends. On the other hand, when there is still a job document remaining (Yes), attention is paid to the next job document (step S907), and the above-described processing of step S902 is repeated.

  In step S902, if the license ID exists (Yes), it indicates that access management is being performed, so the license information held together with the job document is transmitted to the security policy server 104 (step S903). . Next, access right information corresponding to the document and the user is acquired (step S904). Then, the acquired access right information is stored in the access information storage table (step S905).

  Then, it is confirmed whether or not all job documents in the box have been processed (step S906), and if completed, the process ends. On the other hand, when there is still a job document remaining (Yes), attention is paid to the next job document (step S907), and the above-described processing of step S902 is repeated.

  With this access information acquisition process, access information is acquired from the server for all job documents in the box selected by the user, and the latest information is stored in the access information storage table.

  FIG. 19 is a diagram illustrating an example of the access information storage table. FIG. 19 shows the access information of the job document stored in box number 2. As shown in FIG. 19, the access information storage table includes areas of a box number 1101, a job document name 1102, a document license ID 1103, a user name 1104, and an access right 1105.

  The document license ID 1103 is an ID for identifying a document included in the license information of each electronic document. Here, depending on the electronic document, there is a document that is not access-managed in the first place, and “none” is stored in the case of a document that is not access-managed.

  A user name 1104 indicates a name uniquely given to a user who uses a document, and is managed by the user authentication server 103. The access right 1105 is set for each user. In this embodiment, the access right is set for each user, but the access right may be set for a group to which the user belongs. In the access right 1105, permission / prohibition for an operation of referring to, changing, deleting, copying, and printing an electronic document, and an expiration date are defined. The column with a circle “◯” in FIG. 19 indicates “permitted”.

  A user who is not listed does not have any access right to the document. For example, in FIG. 19, the user B has no access right for the document whose document license ID is # 00003.

  Next, a detailed processing procedure for displaying a list of job documents in step S808 in FIG. 16 will be described. FIG. 18 is a flowchart for explaining processing for displaying a list of job documents in the selected box. This process operates with reference to the access information stored in the access information storage table in FIG.

  First, attention is focused on the first job document among the job documents in the box selected by the user (step S1001). The focused job document name is displayed on the operation panel (step S1002). Then, the information of the job document is referred to from the table (step S1003), and it is checked whether the job document is access-managed, that is, whether the license ID exists (step S1004). Here, when the license ID is “none”, this indicates that the job document is not managed for access. Therefore, it is confirmed whether or not all job documents in the box have been processed (step S1005), and if completed (Yes), the process ends. On the other hand, if there is still a job document remaining (No), pay attention to the next job document (step S1006) and repeat the processing from step S1002 described above.

  On the other hand, if the license ID exists in step S1004 (Yes), it indicates that access management is being performed, so an “access management” mark is displayed to the right of the job document name (step S1007). Then, it is checked whether it is within the expiration date (step S1008). As a result, if it is within the expiration date (Yes), it is checked whether or not the user has any access right (step S1009). If the user has at least one access right among reference, change, delete, copy, and print (Yes), the process advances to step S1005 to check whether or not all job documents have been processed.

  On the other hand, if the expiration date has passed in step S1008 (No), the “revocation” mark is displayed to the left of the job document name (step S1010), and the job document name and the access management mark are grayed out. (Step S1011). Thereafter, the process proceeds to step S1005, where it is confirmed whether or not all job documents have been processed.

  On the other hand, if it is determined in step S1009 that the user does not have any access right (No), the process proceeds to step S1011 and the process proceeds to a process of graying out the job document name and the access management mark.

  With this job document list display process, the following display is possible for all job documents in the box selected by the user. That is, according to the information in the access information storage table, a list of job documents to which “access management” mark, grayout, “revocation” mark, etc. are added is displayed.

  As described above, in the second embodiment, before the job document list is displayed, the access information of all job documents in the box selected by the user is obtained from the server. However, the present invention is not limited to this. Never happen. For example, access information of all job documents in all boxes may be acquired from the server at regular time intervals. Therefore, in the following, a modification of the above embodiment will be described.

  In the modified example, the access information of the job document is acquired in the access information acquisition processing of all job documents shown in FIG. Therefore, the above-described flowchart of FIG. 16 is replaced with the flowchart of FIG. 25, and “acquisition of access information” in step S807 becomes unnecessary.

  FIG. 23 is a functional schematic configuration diagram of an image processing apparatus 101 according to a modification of the second embodiment of the present invention. In FIG. 23, the timer unit 1504 activates (triggers) the access information update unit 1503 at regular time intervals. The access information update unit 1503 activated by the timer unit 1504 communicates with the security server via the communication I / F 205 and performs access information acquisition processing for all job documents. This process will be described later with reference to FIG.

The acquired access information is stored in the access information storage table 1502. When the user operates the operation panel 208 to select a box, the document list display unit 1501 refers to the access information in the access information storage table 1502 and displays a list of all job documents in the selected box on the operation panel 208. indicate.
When the update key 706 on the operation panel 208 is pressed, the document list display unit 1501 issues an update request to the access information update unit 1503, and the access information update unit responds accordingly as described above. Acquisition processing of access information of all job documents.

  As described above, the contents of the access information storage table 1502 are updated to the latest information at regular intervals. When the user displays the document list, the document list is displayed according to the access information in the access information storage table. Will be displayed.

  Next, access information acquisition processing for all job documents performed by the access information update unit 1503 activated at regular intervals by the timer unit 1504 will be described with reference to FIG. FIG. 24 is a flowchart for explaining in detail access information acquisition processing for all job documents.

  First, paying attention to the first box (step S1601), access information of all documents in the box is acquired (step S1602). The access information acquisition process has already been described with reference to FIG.

  Next, it is confirmed whether or not the above processing has been performed for all boxes (step S1603). If processing has been performed for all boxes (Yes), this processing ends. On the other hand, when the box which has not performed processing remains (No), it pays attention to the next box (Step S1604) and repeats from the processing of Step S1602.

  As described above, the access information of all job documents in all boxes is stored in the access information storage table 1502 at regular time intervals.

  Next, a process for printing an image stored in the box by the user will be described. FIG. 25 is a flowchart for explaining the details of the printing process of the image stored in the box of the image processing apparatus 101.

  When the user presses the ID key 308 in the image processing apparatus 101 to request use of the device (step S1701), a screen prompting the user to input a user name and password is displayed on the operation panel 208 as shown in FIG. . When the user inputs his / her user name and password (step S1702), the image processing apparatus 101 requests the user authentication server 103 to confirm the validity of the user based on this (step S1703). Then, it is determined whether or not the user has successfully logged in based on whether or not the validity is confirmed (step S1704).

  As a result, if the login is not successful (No), the image processing apparatus 101 displays an error message indicating that the user cannot log in (step S1705), and ends the process. On the other hand, when the login is successful (Yes), the image processing apparatus 101 allows the user to use the device and displays an initial screen on the operation panel 208. When the user presses the box mode key 305, the liquid crystal screen on the operation panel of the image processing apparatus 101 becomes a box selection screen as shown in FIG. When the user selects a box to be processed on the liquid crystal screen (step S1706), a list of job documents in the selected box shown in FIG. 15 is displayed while referring to the access information in the access information storage table 1503. (Step S1707). The processing for displaying the list of job documents has already been described with reference to FIG.

  Then, on the job document selection screen shown in FIG. 15 displayed on the operation panel 208, the user selects a job document to be processed and displays it in black and white reversed (step S1708). Then, the user presses the print key 703 to make a print request for the job document (step S1709). As a result, the image processing apparatus 101 refers to the acquired access right information and checks whether or not the user has the right to access the print and the expiration date (step S1710). If the logged-in user does not have the print access right or the expiration date has passed, the image processing apparatus 101 displays an error message indicating that printing is not permitted (step S1711), and the process ends. On the other hand, if printing is permitted, the image processing apparatus 101 performs printing (step S1712).

  As a result, a list of job documents in the selected box is displayed. In this embodiment, when the box is selected in step S1706, there is an advantage that the time required for the processing is shortened because the access information acquisition inquiry is not made to the security server on the spot.

  In step S809 in FIG. 16 or step S1708 in FIG. 25 described above, when the user selects a job document to be processed, an inoperable key is grayed out according to the access right of the selected job document. You can also prevent it from being pressed. Thereby, the user's work efficiency is further improved. For example, FIG. 26 is a diagram illustrating a display example when the user C selects “Organization chart_2005” displayed on the liquid crystal screen 303. User C can only “reference” and “print” with respect to “Organization Chart_2005”. In this case, it can be seen that the setting change key 704 and the delete key 705 that cannot be instructed by the user C are grayed out and cannot be pressed.

  In the above embodiment, an example is shown in which access information is applied to the license ID of each document, but the present invention is not limited to this. For example, instead of applying the access information for each document, it may be configured to manage which security policy ID is applied to the license ID of each document. If the content of the security policy is changed, it will be reflected in all applied documents. That is, the same security policy can be applied to a plurality of documents.

  According to the present exemplary embodiment, when printing a document list (printing a list of job documents stored in a box), the image data entity ID (actual data ID) is also printed together. Therefore, the user can easily determine which document in which box the same document stored in a plurality of boxes by submitting a job once. Furthermore, the actual data ID of the image data is designated, and all job documents linked to the image data are collectively deleted. As a result, the efficiency of the recovery work (deletion work) that the user performs after the user puts an erroneous document into a plurality of boxes is improved.

<Other embodiments>
Although the embodiment has been described in detail above, the present invention can take an embodiment as a system, apparatus, method, program, storage medium (recording medium), or the like. Specifically, the present invention may be applied to a system composed of a plurality of devices, or may be applied to an apparatus composed of a single device.

  In the present invention, a software program (in the embodiment, a program corresponding to the flowchart shown in the drawing) that realizes the functions of the above-described embodiments is directly or remotely supplied to a system or apparatus. In addition, this includes a case where the system or the computer of the apparatus is also achieved by reading and executing the supplied program code.

  Accordingly, since the functions of the present invention are implemented by computer, the program code installed in the computer also implements the present invention. In other words, the present invention includes a computer program itself for realizing the functional processing of the present invention.

  In that case, as long as it has the function of a program, it may be in the form of object code, a program executed by an interpreter, script data supplied to the OS, or the like.

  Examples of the recording medium for supplying the program include the following. Floppy (registered trademark) disk, hard disk, optical disk, magneto-optical disk, MO, CD-ROM, CD-R, CD-RW, magnetic tape, nonvolatile memory card, ROM, DVD (DVD-ROM, DVD-R) .

  As another program supply method, the program can be supplied by downloading it from a homepage on the Internet to a recording medium such as a hard disk using a browser of a client computer. That is, it connects to a homepage and downloads the computer program itself of the present invention or a compressed file including an automatic installation function from the homepage. It can also be realized by dividing the program code constituting the program of the present invention into a plurality of files and downloading each file from a different homepage. That is, a WWW server that allows a plurality of users to download a program file for realizing the functional processing of the present invention on a computer is also included in the present invention.

  Further, the program of the present invention is encrypted, stored in a storage medium such as a CD-ROM, and distributed to users. Then, the user who has cleared the predetermined condition is allowed to download key information for decryption from the homepage via the Internet. It is also possible to execute the encrypted program by using the key information and install the program on a computer.

  Further, the functions of the above-described embodiments are realized by the computer executing the read program. In addition, the function of the above-described embodiment can be realized by an OS running on the computer based on an instruction of the program and performing part or all of the actual processing.

  Further, the functions of the above-described embodiments are realized even after the program read from the recording medium is written in a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer. That is, the functions of the above-described embodiments are realized by performing a part or all of the actual processing by the CPU or the like provided in the function expansion board or function expansion unit based on the instructions of the program.

It is a block diagram for demonstrating the structure of the document management system and policy management server which concern on the 1st Embodiment of this invention. 5 is a conceptual diagram of a data structure of information related to a document registered in an attribute database 1107 in the document server 1100. FIG. It is a figure which shows a part of document attribute information which a document management system hold | maintains. It is a figure which shows the access right information which a document management system hold | maintains. It is a figure which shows the cache of the policy information of the policy management server 1200 which a document management system hold | maintains. This is a cache of authentication information to the policy management server 1200 held by the document management system. It is a flowchart for demonstrating the basic process sequence at the time of registration of a document. It is a flowchart for demonstrating the basic process sequence of the list display process of the document in a folder. It is a block diagram which shows schematic structure of the image forming system which concerns on the 2nd Embodiment of this invention. 2 is a block diagram showing an internal configuration of an image processing apparatus 101. FIG. It is a figure which shows the example of a keyboard layout of the operation panel 208 of the image processing apparatus 101 which concerns on the 2nd Embodiment of this invention. 3 is a diagram illustrating an example of a logical usage method of an image data storage area in an HDD 204. FIG. 6 is a flowchart for explaining a processing procedure when a user stores an electronic document in a box of the image processing apparatus 101. 6 is a diagram showing an example of a screen displayed on a liquid crystal screen 303 when a box mode key 305 on the operation panel 208 is pressed. FIG. 4 is an example of an in-box screen displayed on the liquid crystal screen 303 of the operation panel 208. It is a flowchart for demonstrating the process sequence which prints the image which the user preserve | saved at the box. It is a flowchart for demonstrating the process sequence which acquires the access information of all the job documents in the box which the user selected from the server. It is a flowchart for demonstrating the process which displays the list of the job document in the selected box. It is a figure which shows an example of an access information storage table. 4 is a diagram illustrating an example of an input instruction screen displayed on a screen of a host computer 102. FIG. It is a figure for demonstrating the access right information which the security policy server 104 hold | maintains. It is a figure which shows an example of license information. It is a function schematic block diagram of the image processing apparatus 101 in the modification of the 2nd Embodiment of this invention. 10 is a flowchart for explaining in detail access information acquisition processing for all job documents. 4 is a flowchart for explaining details of a printing process of an image stored in a box of the image processing apparatus 101. 10 is a diagram illustrating a display example when a user C selects “Organization chart_2005” displayed on a liquid crystal screen 303. FIG. FIG. 9 is a diagram showing a list display example of documents in a folder displayed on the user interface 1001 of the client 1000 by executing the flow of FIG. 8.

Explanation of symbols

1000 Client 1001 User interface unit 1002 Command control unit 1003 Device control unit 1004 File control unit 1005 External module communication unit 1006, 1102 Document management control unit 1007, 1103 Internal data storage unit 1008, 1101, 1201 Communication control unit 1100 Document server 1104 Search Control unit 1105 Policy data processing unit 1106, 1204 Database control unit 1107 Volume database 1108 Attribute database 1109 Full-text search database 1200 Policy management server 1202 Policy management control unit 1203 Policy issue unit 1205 Policy management database

Claims (23)

A data management system for managing data for which access rights are set using a policy management server,
Holding means for holding the data together with information about the data;
A determination unit that determines whether or not an access right is set for the data with reference to the information about the data;
When an access right is set for the data, a first acquisition unit that acquires information of a policy management server that sets the access right;
Inquiry means for inquiring of the policy management server about information on the user's access right to the data with reference to the information of the policy management server;
Second acquisition means for acquiring information on the access right of the user to the data from the policy management server;
A data management system comprising: display means for displaying information related to the data together with information on the access right of the user to the data. The holding means holds a plurality of data;
The determination means determines whether an access right is set for each of the plurality of data,
2. The data management system according to claim 1, wherein the display unit displays information on a plurality of data for which access rights are set together with information on the access rights of the user for each data. The inquiry means inquires of the policy management server about information of each access right for a plurality of users with respect to the data;
The second acquisition means acquires information on the access rights of the plurality of users for the data from the policy management server,
The data management system according to claim 1, wherein the display unit displays information on the data together with information on access rights of the plurality of users for the data. A first recording means for recording policy management server information acquired in the past;
The said 1st acquisition means searches the information of the said policy management server from the said 1st recording means using the information regarding the said data. The any one of Claim 1 to 3 characterized by the above-mentioned. Data management system. Second recording means for recording user access right information for the data acquired from the policy management server;
A search means for searching for information on the user's access right to the data from the second recording means instead of acquiring the user access information by the second acquisition means. 5. The data management system according to any one of 1 to 4. Receiving means for receiving a change notification of information on a predetermined access right from the policy management server;
6. The data management according to claim 5, further comprising: a deleting unit that deletes, from the second recording unit, information on a user's access right to the data for which the predetermined policy has been notified of the change. system. Input means for allowing a predetermined user to input information about the user;
An authentication unit for authenticating the user based on the input user information;
7. The data management system according to claim 1, wherein the inquiry unit inquires the policy management server about access right information on the data of the user authenticated by the authentication unit. Further comprising output means for outputting the data held in the holding means;
8. The data management system according to claim 7, wherein when the user requests the output of the data by the output unit, the input unit inputs information of the user. 9.   8. The data management according to claim 7, wherein the input unit causes the user information to be input when the user requests access to the access-managed data held in the holding unit. system. The access right information includes information on the validity period of the data,
The data according to any one of claims 1 to 9, wherein the display means changes the display form of the access right information of the data based on the information related to the validity period of the data. Management system.   11. The data management according to claim 10, wherein the display means displays data outside the valid period by adding an index indicating that the data has expired in the vicinity of the name display position of the data. system.   11. The data management system according to claim 10, wherein the display means displays the name of data outside the valid period in a form different from the name of data within the valid period. The information related to the data held by the holding means includes license information indicating that an access right is set for the data,
The second acquisition means acquires the access right information when the license information of the data is included in the information related to the data,
The display means displays the data by changing the display form of the name of the data according to whether or not the license information is included in the information related to the data. The data management system described in the section.   The said 2nd acquisition means acquires the information of the access right of the said data from the said policy management server connected via the network, The any one of Claim 1-13 characterized by the above-mentioned. Data management system.   15. The data according to claim 14, wherein the second acquisition unit acquires the access right information of the data at a timing when the display unit displays the data held in the holding unit. Management system.   15. The data management system according to claim 14, wherein the second acquisition unit acquires information on the right to access the data every elapse of a predetermined time.   The data management system according to any one of claims 1 to 16, wherein the data is data input from an external device.   The data management system according to claim 17, wherein the data is data obtained by converting print data input from an external device.   The data management system according to any one of claims 1 to 17, wherein the data is data generated by reading a document by a document reading device in the system. The data is document data,
20. The information according to any one of claims 1 to 19, wherein the access right information is information indicating a deletion right, a write right, a read right, or a reference right of the document data. The data management system described in the section. The data is image data,
Whether the access right information is one of the types of information that permits the reference of the image data, the change of the content of the image data, the deletion of the image data, the copy of the image data, and the printing of the image data The data management system according to any one of claims 1 to 19, wherein the data management system is information indicating the above.   The data management system according to claim 21, further comprising image forming means for forming an image of the image data held in the holding means and outputting the image data. A data management method in a system that manages data with access rights set using a policy management server together with information related to the data, and manages the data,
A determination step of determining whether an access right is set for the data with reference to the information about the data;
When an access right is set for the data, a first acquisition step of acquiring information of a policy management server that sets the access right;
An inquiry step of inquiring of the policy management server with reference to the information of the policy management server about information on a user's access right to the data;
A second acquisition step of acquiring information on the access right of the user to the data from the policy management server;
And a display step of displaying information on the data on a display device together with information on the access right of the user to the data.

Images