JP2009032001A - Information processing system and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an information processing system and program for efficiently applying operation restriction information for regulating operation restriction to a document. <P>SOLUTION: When a composite machine 10 communicates with an authentication server 30 to authenticate an operator shown by operator information read by an IC card reader 50, the composite machine 10 transmits the authenticated operator information to a policy server 20, and transmits the operator information and device information including the name of the composite machine 10 to a policy setting server 40. The policy server transfers policy information settable for the received operator information to the policy setting server 40. The policy setting server 40 selects the optimal policy information from among the received policy information based on the received operator information and device information, and transfers it to the composite machine 10, and the composite machine 10 generates a protection document in which the policy information is set. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an information processing system and a program.

  As an example of a technique for improving the security of documents and files, there is a method of setting a security policy that is a confidential policy for each document and file. In order to refer to and update a document in which this security policy is set, it is necessary to satisfy the conditions indicated by the security policy. For example, when the identification information set in the document matches the identification information specified in the security policy, the reference and update processing can be performed.

  Patent Document 1 discloses a technique for setting a security policy of an organization. In Patent Document 1, a security attribute of target information to be operated and a user requesting the operation for the target information are disclosed. Based on the security attribute, the rule description that defines whether the operation is permitted or not is configured to allow the operation when the requirement is satisfied.

Further, in the prior art disclosed in Patent Document 2, in order to ensure document security with simple operation without taking time and effort, policy information that sets permission / rejection of image output for each application is held. Then, based on the application information determined by determining the application in which the received document data is created and the policy information, permission / rejection of image output of the received document data is determined.
JP 2005-038371 A JP 2006-264116 A

  An object of the present invention is to provide an information processing system and program that can efficiently apply operation restriction information that defines operation restrictions on a document.

  In order to achieve the above object, the invention of claim 1 is directed to managing means for storing and managing one or more pieces of operation restriction information for restricting operation of an operation target document, and operation restriction information managed by the management means. An information selection unit that selects operation restriction information for operation source identification information that specifies an operation source of the document from among the information, and a protected document that generates the protected document by setting the operation restriction information selected by the information selection unit in the document And generating means.

  The invention of claim 2 further comprises authentication means for authenticating an operator who operates the document according to the invention of claim 1, wherein the selection means stores identification information of the operator authenticated by the authentication means. And selecting the operation restriction information.

  The invention according to claim 3 is the invention according to claim 1 or 2, wherein the information management means manages operation restriction information for the operation source specifying information, and the selection means is for the operation source specifying information. The operation restriction information is selected.

  According to a fourth aspect of the present invention, in the invention according to any one of the first to third aspects, the operation restriction information includes a device name or execution time information of a device on which the confidential document generation unit executes generation of the protected document. It is characterized by including.

  The invention according to claim 5 is information for selecting operation restriction information for operation source specifying information for specifying an operation source of a document from one or a plurality of operation restriction information for limiting operation of a document to be operated. The operation restriction information selected by the selection unit and the information selection unit is set in the document to function as a protected document generation unit that generates a protected document.

  According to the first aspect of the present invention, it is possible to easily generate a confidential document in which optimum confidential information is set. In addition, it is possible to prevent unintended confidential information from being set in the document.

  According to the second aspect, there is an effect that it is possible to generate the optimum confidential information based on the information of the operator.

  According to the third aspect of the present invention, it is possible to generate a confidential document to which more optimal confidential information is applied.

  According to the fourth aspect of the present invention, there is an effect that it is possible to generate a confidential document in which optimum confidential information is set based on information on the process of generating the confidential document.

  According to the fifth aspect, it is possible to easily generate a confidential document in which optimum confidential information is set. In addition, it is possible to prevent unintended confidential information from being set in the document.

  Hereinafter, an information processing system and a program according to an embodiment of the present invention will be described in detail with reference to the accompanying drawings.

  FIG. 1 is an example of a diagram showing a system configuration of an information processing system according to an embodiment of the present invention.

  In FIG. 1, the information processing system includes a multifunction machine 10, a policy server 20, an authentication server 30, and an IC card reader 40. A security policy is set by setting policy information managed by the policy server 20 in a document. Generate an applied protected document.

  The security policy indicates a policy or norm for eliminating risk factors and ensuring confidentiality of the document, and the document to which the security policy is applied is in a state where use of the document and specific operations are restricted. That is, by applying the security policy, it is possible to prevent sentence information leakage and unauthorized access.

  For example, there are encryption and operation restrictions as security policies to prevent information leakage and unauthorized access, etc., encrypted documents are restricted from using the entire document, and restricted operations are restricted to specific operations. ing.

  In this embodiment, a process for generating a protected document in which policy information provided in accordance with a security policy is set in a document is shown, and the policy information is indicated by a plurality of policy grades that are classified according to security levels. By setting the policy information indicated by the policy grade in the document, a protected document in which the policy information is set in the document is generated.

  The multifunction machine 10 reads the printed material to generate an electronic document for the printed material, and prints out the electronic document requested to be printed. Further, the multi-function device 10 performs “protected document generation processing” for generating a protected document by setting policy information received from the policy server 20 in the document.

  The protected document at this time may be a digital document or a printed matter on which a watermark is printed. That is, the generated protected document may be stored in the storage area, or the protected document may be printed out.

  Further, the multifunction device 10 uses the information of the operator (user) read by the IC card reader 40 (hereinafter referred to as “user information”) to authenticate a user who requests generation of a protected document with the authentication server 30. By mutual communication. When the user authentication can be performed by this authentication processing, the user information of the authenticated user is transmitted to the policy server 20 so that the policy server 20 can select the optimum policy information.

  The user information at this time is represented, for example, in an XML (Extensible Markup Language) format as shown below.

01 <? Xml version = "1.0" encoding = "utf-8"?>
02 <department> development department </ department>
03 <Title> Mgr </ Title>
04 <name> Taro Fuji </ name>
05 <e-mail> taro.fuji@xxx.jp </ e-mail>
The first line of the user information indicates that the user information is formed in the XML format, the second line indicates information of the department to which the user belongs by the “department” tag, and the third line indicates “title”. ”Tag indicates the title of the user. In line 04, the user's name is indicated by the “name” tag, and in line 05, the user's mail address is indicated by the “e-mail” tag.

  In addition to the user information in the XML format, device information (for example, device name and device identification information (also referred to as “device ID”)) of the multifunction device 10 is transmitted to the policy server 20 to transmit the policy server 20. It is also possible to select the optimal policy information.

  The device information at this time can be shown in the following XML format.

01 <? Xml version = "1.0" encoding = "utf-8"?>
02 <MC> MC12345 </ MC>
03 <IP> 127.0.0.1 </ IP>
The device information in the XML format indicates that it is in the XML format on the 01st line, the device ID for identifying the device by the “MC” tag is indicated on the 02th line, and “IP” ”Tag indicates the IP address of the MFP.

  Note that the time information indicated by the “AuthDateTime” tag can also be included in the device information in the XML format described above. The time information at this time indicates information on the authentication date and time when the operator is authenticated. An example is shown below.

01 <? Xml version = "1.0"?>
02 <MC> MC12345 </ MC>
03 <IP> 127.0.0.1 </ IP>
04 <AuthDateTime> 2006-11-13 T05: 52: 00 + 09: 00 </ AuthDateTime>
Lines 01 to 03 are the same as the above-described device information, and the “AuthDateTime” tag on line 04 indicates authentication date and time information for authenticating the operator by the multifunction machine 10.

  The multi-function device 10 transmits the user information and device information shown in the XML format to the policy server 20.

  Based on the policy information acquisition request from the multifunction device 10, the policy server 20 performs processing for determining optimal policy information to be set in the requested document. The policy server 20 manages policy grade information that can be set for user information, and also manages policy information indicating the contents of the operation authority indicated by each policy grade.

  That is, policy information to be set for a document is determined by selecting a policy grade. At this time, policy grade information that can be set for the user information is shown in FIG. 4A, and the operation authority set for the policy grade is shown in FIG. 4B, which will be described below.

  The policy server 20 manages policy grades for specifying policy information to be set in a document as a policy setting table in association with information such as user information and device information included in a policy information acquisition request from the multifunction device 10. . By referring to this policy setting table, the optimum policy information to be set for the document is determined.

  Examples of this policy setting table are shown in FIG. 6, FIG. 8, FIG. 10, and FIG.

  Furthermore, when the policy server 20 operates the protected document generated by the protected document generation process using a client PC (not shown) or the like, can the policy server 20 be operated by the policy information set in the protected document? This determination process is performed, and the determination result is returned to the client PC that operates the document.

  The policy information managed by the policy server 20 will be described below with reference to FIG.

  FIG. 4A shows an example of policy grades that can be set for the user identified by the “affiliation department” and “position” information indicated by the user information. [Position] item 402 and [Settable policy grade] item 403.

  For example, if the department to which the user indicated in the user information belongs is "Development Department" and the title is "Mgr (Manager)", the [Configurable Policy Grade] item is the policy grade that can be set. Since the four policy grades “G1, G2, G3, G4” are shown in 403, it indicates that the policy information indicated by any one of the policy grades can be set.

  In addition, when the department is “development department” and the title is “office work”, one of “G1” is set in the “settable policy grade” item 403 as the settable policy grade. This indicates that it is possible to set only the policy information indicated by the policy grade of “G1”.

  FIG. 4B shows the contents of the operation authority for the policy grade indicated in the [Settable Policy Grade] item 403 in FIG.

  FIG. 4B includes a [policy grade] item 404 indicating a policy grade, and an [operation authority] item 405 indicating an operation content permitted in each policy grade.

  Among them, for example, only “browsing” is shown in the “operation authority” item 405 as the operation authority of the policy grade “G1” shown in the “policy grade” item 404, so the policy grade “G1”. The policy information indicated by indicates that it is an operation authority that allows only browsing.

  In addition, as the operation authority of the policy grade “G4” indicated in the “policy grade” item 404, “editable and printable (header string)” is indicated in the “operation authority” item 405. The policy information indicated by the grade “G4” indicates that it is an operation authority capable of either editing or printing including a header character string.

  Using such policy information, the policy server 20 selects an optimal policy grade for a policy information acquisition request including user information received from the multifunction machine 10. Then, the policy information for the selected policy grade is returned to the requesting multifunction device 10.

  Next, the authentication server 30 authenticates whether or not the user indicated by the user information read by the IC card reader 40 can execute the process for generating the protected document, and the authentication result is combined with the authentication request source composite. Respond to machine 10. If the user can be authenticated by the authentication process, the authenticated user information is also responded to the multi-function device 10, and if the authentication is not possible, a response to that effect is returned.

  The authentication server 30 is provided with an authentication information database (not shown), which manages combinations of user IDs and passwords for identifying operators included in the user information, and performs processing for inquiring these combinations and the like. Authenticates the user who performs the process of setting policy information in the document.

  A functional configuration of the information processing system of the present invention having such a system configuration is shown in detail in FIG.

  FIG. 2 is an example of a block diagram showing a detailed configuration of the information processing system according to the embodiment of the present invention.

  The information processing system shown in FIG. 2 includes an authentication unit 101, an information management unit 102, an image reading unit 103, a policy management unit 104, a policy determination unit 105, and a protected document generation unit 106.

  When an authentication request including the operator information of the operator of the document is made, the authentication unit 101 authenticates the operator for the operator information based on the information managed by the information management unit 102. When the authentication unit 101 authenticates the operator, the image reading unit 103 is notified that the operator has been authenticated. Further, the authentication unit 101 transmits the operator information of the authenticated operator to the policy management unit 104.

  As a result, the image reading unit 103 starts reading the printed material, and performs image information forming processing on the printed material. Also, the device name or device identification information of the image reading device by the image reading unit 103 is transmitted to the policy determining unit 105.

  The policy management unit 104 that has received the operator information manages policy information to be set for the document, and transmits policy information that can be set for the received operator information to the policy determination unit 105.

  When the policy determination unit 105 receives the policy information from the policy management unit 104, the policy setting unit 105 sets the policy set in the document indicated by the image information read and formed by the image reading unit 103 from the device name or device identification information received from the image reading unit 103. Determine information.

  When the policy determination unit 105 determines the policy information to be set for the document, the policy information and the formed image information are transmitted to the protected document generation unit 106. The protected document generation unit 106 generates a protected document protected by setting the determined policy information in the image information.

  FIG. 3 shows an example of a sequence diagram showing process transition of the information processing system according to the embodiment of the present invention.

  FIG. 3 is a sequence based on the system configuration of FIG. 1. The operator information is read from the IC card of the operator with the IC card reader (301), and the read operator information is transferred to the multifunction machine (302). . The multi-function peripheral that has received the operator information makes an authentication request including the operator information to the authentication server in order to authenticate the operator indicated by the operator information (303).

  The authentication server that has received the authentication request authenticates the operator from the operator information included in the authentication request (304). In the case of authentication, the authentication server responds with an authentication notification indicating that the authentication is performed together with the authenticated operator information to the requesting MFP (305).

  When the authentication notification is returned from the authentication server, the multifunction peripheral transmits the authenticated operator information to the policy server (306). The policy server that has received the operator information transmits the operator information to the policy server. Further, the policy server receives identification information for identifying the multifunction device from the multifunction device and information related to the multifunction device (308).

  When the policy server receives the policy information from the policy server and receives information about the multifunction device from the multifunction device, the policy server determines the policy information to be set in the document (309).

  The determined policy information is transferred from the policy server to the MFP, and the MFP generates a protected document in which the policy information is set in the document (310).

  The detailed flow of the policy information determination process shown in this sequence is shown in FIGS. 5, 7, 9, and 11, and will be described below.

  FIG. 5 shows an example of a flowchart showing a flow of processing for determining policy information to be set for a document in the information processing system according to the embodiment of the present invention.

  FIG. 5 is a process in which the policy server in the configuration of FIG. 1 determines policy information to be set for a document using the policy setting table shown in FIG.

  This process is started when it is determined whether a request for obtaining policy information including user information and device information has been received from the multifunction peripheral (501), and when it is determined that a request has been received (YES in 501).

  First, in order to search for optimum policy information with respect to user information and device information included in the policy information acquisition request received from the multifunction peripheral, the policy setting table shown in FIG. 6 is referred to (502).

  Next, the policy grade set for the user information and the device information is specified from the policy setting table (503). Subsequently, the policy information for the specified policy grade is searched (504), and the matched policy information is set as the policy information to be set in the document.

  When the policy information to be set for the document is determined in this way, the policy server transmits the policy information to the MFP that is the policy information acquisition request source.

  FIG. 6 is a diagram illustrating an example of a policy setting table managed by the policy server.

  The policy setting table shown in FIG. 6 includes [affiliation department] item 601, [title] item 602, [device name] item 603, and [policy grade] item 604, and is referred to in the process of the flowchart as shown in FIG. Is done.

  The [Affiliation Department] item 601 is information indicating the department to which the user indicated in the received user information belongs, and the [Position] item 602 is information indicating the title of the user indicated in the user information. The “name” item 603 is information indicating the name of the device (device) from which the policy information acquisition request is included in the received device information.

  The [Policy Grade] item 604 is information for identifying policy information, and is specified for the information indicated by the [Department] item 601, [Job title] item 602, and [Device name] item 603. Information.

  For example, when the department to which the received user information belongs is “development department”, the title is “Mgr (manager)”, and the device name indicated by the device information is “MC12345”, the policy grade is “G4”. The policy information for the G4 policy grade is determined as the policy information to be set in the document.

  The policy information of the policy grade of “G4” is determined to be “operating authority of editable and printable (header character string)” from FIG. 4B. Of course, the policy information includes not only this but also information “encrypt with a predetermined encryption algorithm using an encryption key”.

  Note that “−” shown in the [device name] item 603 indicates a case where the device name is not included in the received device information or a case where the device information cannot be received.

  FIG. 7 shows an example of a flowchart showing a flow of processing for determining policy information to be set for a document in the information processing system according to the embodiment of the present invention.

  FIG. 7 is a process in which the policy server in the configuration of FIG. 1 determines policy information to be set for a document using the policy setting table shown in FIG.

  This process is started when it is determined that a request for policy information including user information and device information has been received from the multifunction peripheral (701), and when it is determined that a request has been received (YES in 701).

  From the device name indicated by the device information included in the received policy information acquisition request and the scan / print execution time, the time zone to which the time belongs is specified (702). Next, a policy setting table as shown in FIG. 8 is referred to based on the information on the processing time zone in the specified multifunction peripheral and the received user information and device information (703).

  Then, the policy grade for the time zone information, user information, and device information is specified from the policy setting table (704). Subsequently, the policy information for the specified policy grade is searched (705), and the matched policy information is set as the policy information to be set in the document.

  When the policy information to be set for the document is determined in this way, the policy server transmits the policy information to the MFP that is the policy information acquisition request source.

  FIG. 8 is a diagram illustrating an example of a policy setting table managed by the policy server.

  The policy setting table shown in FIG. 8 includes [Department] item 801, [Position] item 802, [Time zone] item 803, [Device name] item 804, and [Policy grade] item 805, and is shown in FIG. This is referred to in the processing of the flowchart.

  [Affiliation] item 801, [Position] item 802, [Device name] item 804, and [Policy grade] item 805 are the [Affiliation] item 601, [Position] item 602, [ The information is the same as each of the “device name” item 603 and the “policy grade” item 604.

  [Time Zone] item 803 is information included in the device information received from the multifunction peripheral and indicating the time zone to which the scan / print execution time of the multifunction peripheral belongs.

  For example, the department of the user included in the received user information is “development department”, the title is “manager”, and the processing time in the MFP included in the received device information is “13:00” When the device name is “MC12345”, the “Department” item 801 is “Development Department”, the “Position” item 802 is “Manager”, and the “Device name” item 804 is “MC12345”. Since “13:00” belongs to “09: 00-17: 59” in the set time zone, the “time zone” item 803 becomes “09: 0-17: 59”.

  Therefore, the policy grade “G4” is selected in response to the policy information acquisition request including the user information and device information.

  FIG. 9 shows an example of a flowchart showing a flow of processing for determining policy information to be set for a document in the information processing system according to the embodiment of the present invention.

  FIG. 9 is a process in which the policy server in the configuration of FIG. 1 determines policy information to be set for a document using the policy setting table shown in FIG.

  This process is started when it is determined that a request for obtaining policy information including device information is received from the multifunction peripheral (901), and when it is determined that a request has been received (YES at 901).

  The policy information acquisition request received from the MFP may include at least device information and user information.

  When this acquisition request is received, the domain information, device name, and scan parameter information constituting the device information are extracted by analyzing the device information included in the request (902).

  Based on the extracted information, a policy setting table as shown in FIG. 10 is referred to (903), and an optimum policy grade for these information is specified (904). Policy information for the identified policy grade is retrieved (905), and the matched policy information is set as policy information to be set in the document.

  FIG. 10 is a diagram illustrating an example of a policy setting table managed by the policy server.

  The policy setting table shown in FIG. 10 includes [affiliation domain] item 1001, [device name] item 1002, [scan parameter] item 1003, and [policy grade] item 1004. Referenced.

  [Affiliation domain] item 1001, [Device name] item 1002, and [Scan parameter] item 1003 are information included in the device information received from the MFP, and [Affiliation domain] item 1001 is a composite indicated by the device information. [Device name] item 1002 is information indicating the name of the multifunction device, and [Scan parameter] item 1003 is various settings referred to by processing in the multifunction device. Information.

  [Policy grade] item 1004 is information for identifying policy information, and corresponds to the information indicated by each item of [affiliation domain] item 1001, [device name] item 1002, and [scan parameter] item 1003. It is information to be identified.

  For example, when the domain information constituting the received device information is “4f.dev1.xxx.jp”, the device name is “MC00678”, and the scan parameter is “color”, the policy grade is “G3”. The policy information for the policy grade of G3 is determined as the policy information to be set in the document.

  FIG. 11 shows an example of a flowchart showing a flow of processing for determining policy information to be set for a document in the information processing system according to the embodiment of the present invention.

  FIG. 11 is a process in which the policy server in the configuration of FIG. 1 determines policy information to be set for a document using the policy setting table shown in FIG.

  This process is started when it is determined that a request for policy information including confidential box information has been received from the multifunction peripheral (1101), and when it is determined that a request has been received (YES in 1101).

  The confidential box is an area for storing a document that can be operated only by a user designated in advance, and information for identifying the confidential box is referred to as confidential box information.

  When the confidential box information is received from the MFP, a policy setting table as shown in FIG. 12 is referred to based on the confidential box information (1103). Then, an optimum policy grade for the confidential box information is specified (1104). Policy information for the identified policy grade is retrieved (1105), and the matched policy information is set as policy information to be set in the document.

  FIG. 12 is a diagram illustrating an example of a policy setting table managed by the policy server.

  The policy setting table shown in FIG. 12 includes a “confidential box” item 1201 and a “policy grade” item 1202, and is referred to in the process of the flowchart shown in FIG.

  [Self-contained box] item 1201 is confidential box information received from the MFP, and [Policy grade] 1202 is information for identifying policy information, and is specified in correspondence with [confidential box] item 1202. It is.

  Optimal policies set for a document by executing the processes of FIGS. 5, 7, 9, and 11 in a policy server that manages a policy setting table as shown in FIGS. 6, 8, 10, and 12. Determine information.

  The configuration shown in the second embodiment is similar to that shown in FIG. 1 described in the first embodiment, and is a configuration in which a document management apparatus for managing documents is provided in the configuration shown in FIG. 1. A configuration diagram at this time is shown in FIG.

  FIG. 13 is a diagram showing a system configuration of the information processing system according to the embodiment of the present invention.

  In the configuration shown in FIG. 13, first, the multifunction device 10 acquires a document for which policy information is to be set from the document management apparatus 50, and then the policy server 20 determines optimal policy information for the acquired document. Thus, a protected document in which the policy information is set is generated by the multifunction machine 10.

  FIG. 14 shows state transitions in the information processing system configured as shown in FIG.

  In FIG. 14, when user information such as a user ID and password is designated and a document in the document management apparatus is selected by operating the multifunction peripheral (1401), the multifunction peripheral requests the document management apparatus to obtain a document. (1402). This acquisition request includes user information, and the document management apparatus specifies information about the user from the user information and searches for the requested document (1403).

  In the document management apparatus, it is specified that certain information included in the user information is used as the information for identifying the user. For example, the department to which the user belongs, the title of the user, the user ID, and the like correspond thereto. In the second embodiment, an example in which information of a user's department is used as information for specifying the user will be described.

  Then, the document management apparatus transmits the retrieved document and the information of the user's department, which is information for identifying the user, to the requesting MFP (1404). In the multi-function peripheral, these (information used to identify the user in the document management apparatus (information on the department to which the user belongs) and the document) are registered (1405).

  When the IC card reader reads the user information to the MFP in such a state (1406), the read user information is transmitted from the IC card reader to the MFP (1407). Upon receiving the user information, the MFP transmits the user information to the authentication server (1408), and the authentication server performs the user authentication process indicated by the user information (1409).

  When user authentication is performed by the authentication server, the authentication result is transmitted to the multi-function peripheral (1410). When the authentication result indicates that user authentication is possible, and a document registered in the multifunction device is specified to generate a protected document, the multifunction device is used to identify the authenticated user information and the registered user. A policy information acquisition request including information (department information) is sent to the policy server.

  Based on the received information, the policy server refers to a policy setting table as shown in FIG. 16 to determine optimum policy information to be set for the document (1412). When the policy server is determined, the policy server transmits the policy information to the requesting multifunction peripheral (1413).

  As a result, the multifunction peripheral generates a protected document by setting the received policy information in the document (1414).

  FIG. 15 is an example of a flowchart showing a detailed flow of processing in which the policy server determines policy information in the sequence shown in FIG.

  If it is determined that the user information and the “information used for specifying the user when the multifunction peripheral acquires a document from the document management apparatus” (information on the department to which the multifunction peripheral has received) are received from the multifunction peripheral (1501). (YES in 1501), the following processing is started.

  When these pieces of information are received, the policy setting table managed by the policy server is referred to based on these pieces of information (1502). An example of this policy setting table is shown in FIG. 16 and will be described below.

  By referring to the policy setting table, the policy grade set for the user information and “information used to identify the user when the multifunction peripheral acquires a document from the document management apparatus” (department information) is specified. (1503).

  Then, the policy information indicated by the policy grade is searched (1504). For example, the policy information for this policy grade is as shown in FIG.

  Next, FIG. 16 is a diagram showing an example of a policy setting table in Example 2 of the information processing system according to the embodiment of the present invention, and is a table configuration diagram referred to in the policy information determination flowchart shown in FIG. It is.

  The policy setting table shown in FIG. 16 includes a “user identification information in the document management apparatus (DMS)” item 1601, a “user information (user group)” item 1602, and a “policy grade” item 1603.

  [User identification information in the document management apparatus (DMS)] item 1601 is an item indicating information used to identify the user when the multifunction peripheral acquires a document from the document management apparatus, and is an example of this table. , Information of the user's department is shown.

  [User information (user group)] item 1602 is user information read by the IC card reader.

  Furthermore, a [policy grade] item 1603 is a level of policy information set for information specified as the [user identification information in the document management apparatus (DMS)] item 1601 and the [user information (user group)] item 1602. As shown in FIG. 4B, “G1” is the policy grade with the highest security level, and “G4” is the policy grade with the lowest security level.

  In the present invention, the program is executed from a recording medium (CD-ROM, DVD-ROM, etc.) storing a program for causing the information processing system having a communication function to execute the above-described operation or to configure the above-described means. It is also possible to configure an information processing system that executes the above-described processing by installing the program in a computer and executing it. A computer constituting the information processing system is connected to a central processor unit (CPU), a read only memory (ROM), a random access memory (RAM), and a hard disk via a system bus. The CPU performs processing using the RAM as a work area according to a program stored in the ROM or the hard disk.

  The medium for supplying the program may be a communication medium (a medium for temporarily or fluidly holding the program such as a communication line or a communication system). For example, the program may be posted on an electronic bulletin board (BBS: Bulletin Board Service) of a communication network and distributed via a communication line.

  The present invention is not limited to the embodiments described above and shown in the drawings, and can be implemented with appropriate modifications within a range not changing the gist thereof. For example, a keyword is also provided as an item in the policy setting table, and in addition to device information and user information, if a keyword that matches a word read from the document exists in the policy setting table, the policy set in the document based on these keywords It is also possible to determine the information.

An example of a figure showing a system configuration of an information processing system concerning an embodiment of the invention. 1 is a block diagram illustrating a detailed configuration of an information processing system according to an embodiment of the present invention. An example of the sequence diagram which shows the process transition of the information processing system which concerns on embodiment of this invention. An example of policy information managed by the policy server. An example of the flowchart which shows the flow of a process which determines the policy information set to a document in the information processing system which concerns on embodiment of this invention. The figure which shows an example of the policy setting table which a policy server manages. An example of the flowchart which shows the flow of a process which determines the policy information set to a document in the information processing system which concerns on embodiment of this invention. The figure which shows an example of the policy setting table which a policy server manages. An example of the flowchart which shows the flow of a process which determines the policy information set to a document in the information processing system which concerns on embodiment of this invention. The figure which shows an example of the policy setting table which a policy server manages. An example of the flowchart which shows the flow of a process which determines the policy information set to a document in the information processing system which concerns on embodiment of this invention. The figure which shows an example of the policy setting table which a policy server manages. The figure which shows the structure of the system configuration | structure of the information processing system in embodiment of this invention. The sequence diagram which shows the process transition in Example 2 of the information processing system in embodiment of this invention. FIG. 15 is an example of a flowchart showing a detailed flow of processing in which the policy server determines policy information in the sequence shown in FIG. 14. The figure which shows an example of the policy setting table in the present Example 2 of the information processing system in embodiment of this invention.

Explanation of symbols

10 MFP 20 Policy Server 30 Authentication Server 40 IC Card Reader 50 Document Management Device (DMS)
DESCRIPTION OF SYMBOLS 101 Authentication part 102 Information management part 103 Image reading part 104 Policy management part 105 Policy judgment part 106 Protected document production | generation part

Claims (5)

Management means for storing and managing one or more pieces of operation restriction information for restricting the operation of the operation target document;
Information selection means for selecting operation restriction information for the operation source specifying information for specifying the operation source of the document from the operation restriction information managed by the management means;
An information processing apparatus comprising: a protected document generation unit configured to generate the protected document by setting the operation restriction information selected by the information selection unit in the document. An authentication means for authenticating an operator who operates the document;
The selection means includes
The information processing apparatus according to claim 1, wherein the operation restriction information is selected using identification information of an operator authenticated by the authentication unit. The information management means includes
Managing operation restriction information for the operation source identification information;
The selection means includes
The information processing apparatus according to claim 1, wherein the operation restriction information for the operation source identification information is selected. The operation restriction information is
The information processing apparatus according to claim 1, wherein the confidential document generation unit includes a device name or execution time information of a device that executes generation of the protected document. Computer
Information selecting means for selecting operation restriction information for the operation source specifying information for specifying the operation source of the document from one or a plurality of operation restriction information for limiting the operation of the operation target document;
An information processing program that functions as a protected document generation unit that generates the protected document by setting the operation restriction information selected by the information selection unit in the document.

Images