JP4801681B2 - Document distribution method and document management method - Google Patents

Description

  The present invention relates to a distribution method of document data including image data and music data, a document data generation device, a document data utilization device, a program thereof, a document management method, a document management device, and a program thereof.

A technique called an electronic signature is known as a technique that can authenticate the authenticity of document data including digitized data such as image data and music data.
For example, a hash value of the digitized data is calculated, and an electronic signature encrypted using a secret key is attached to the digitized data and distributed. The user who receives the distributed digitized data decrypts the digital signature using public key cryptography, calculates the hash value of the digitized data, and verifies whether or not they match. It is possible to authenticate the received digitized data.

  Thereby, when the document data to be distributed is falsified, this can be detected, and illegal data distribution can be prevented.

However, the encrypted data attached as an electronic signature is visible and may be legible by performing an algorithm analysis of a plurality of data.
In addition, it has been proposed to embed an encryption key or the like as invisible digital watermark in image data constituting document data. An apparatus having a specific application for extracting and using the digital watermark from the document data Is required.

  In the present invention, document data is concealed and concealed by using usage control information separated into invisible data embedded as digital watermark in the digitized data and visible data described in the structured document. We propose a document distribution method that combines functions to prevent tampering, authenticate authenticity, and prevent unauthorized use.

  A document management method according to the present invention uses a data input unit that accepts input of various data, authentication data such as authentication information or access restriction information based on the various data input from the data input unit, and uses the document data Usage control information generating means for generating usage control information necessary for receiving, a designation instruction for specifying specific data as management information storage data, and receiving first usage control information constituting a part of the usage control information First management information storage means for storing management information storage data, and document structure generation for storing digitized data included in document data for each information item and storing content information for each information item in the identifier And a management identifier for setting the management information storage data as an information item in the document data, and the usage control information is configured complementarily with the first usage control information. The document data generation device comprising the second management information storage means for storing the second usage control information to be stored as the content information of the management identifier, the document composed of text data, image data, music data, and other electronic data An identifier is set for each of a plurality of information items for data, and a structured document that stores content information for each information item in the identifier is generated and distributed. (A) Accepted from a data input unit Based on the various data, the usage control information generating means generates usage control information necessary for using the document data, and the first usage control information and the second usage control information that complement the usage control information. And (B) the first management information storage means accepts a designation instruction to designate specific data as management information storage data, and stores the first usage control information in the management information storage format. A step of embedding as invisible data in the data, and (C) setting a management identifier for making the management information storage data in which the first usage control information is embedded an information item in the document data by the document structure generation means (D) by the second management information storage means, the content information of the management information storage data in which the first usage control information is embedded in the management identifier, and the first usage control from the management information storage data Extracting the information and storing the second usage control information for generating the usage control information for using the document data together with the first usage control information.

Here, the management information storage data includes computerized data such as image data or music data, and in the stage B, the management information storage data is the watermark data that cannot be visually or audibly recognized as the first usage control information. It can be configured to be embedded within.
Further, the structured document data generation apparatus according to the present invention sets an identifier for each of a plurality of information items for document data composed of text data, image data, music data, and other electronic data. Content information for each information item is stored in the data input unit that receives input of various data, and authentication data such as authentication information or access restriction information based on various data input from the data input unit. Generates usage control information generation means for generating usage control information necessary for generating and using document data, and accepts a designation instruction to designate specific data as management information storage data, and constitutes a part of usage control information First management information storage means for storing first usage control information as invisible data in management information storage data, and digitized data included in document data An identifier is set for each information item, a document structure generating means for storing content information for each information item in the identifier, and a management identifier for setting management information storage data as an information item in the document data, And second management information storage means for storing second usage control information that constitutes the usage control information complementarily with the first usage control information as content information of the management identifier.

  In addition, the program according to the present invention uses the document data by generating authentication data such as authentication information or access restriction information based on the various data input from the data input unit that receives input of various data and the data input unit. Usage control information generating means for generating usage control information necessary for receiving, a designation instruction for specifying specific data as management information storage data, and receiving first usage control information constituting a part of the usage control information First management information storage means for storing invisible data in the management information storage data, and an identifier is set for each information item in the digitized data included in the document data, and content information for each information item is stored in the identifier A document structure generating means and a management identifier for setting the management information storage data as an information item in the document data are set, and the information is combined with the first usage control information. Text data, image data, music data, and other electronic data by a document data generation device comprising second management information storage means for storing second usage control information that constitutes usage control information as content information of a management identifier. A program for a method of generating and distributing a structured document that sets an identifier for each of a plurality of information items for document data composed of structured data, and stores content information for each information item in the identifier, (A) Based on various data received from the data input unit, the usage control information generating means generates usage control information necessary for using the document data, and the usage control information is configured in a complementary manner. A step of generating the usage control information and the second usage control information; and (B) the first management information storage means receives a designation instruction to designate specific data as management information storage data. The first usage control information is embedded as invisible data in the management information storage data, and (C) the management information storage data in which the first usage control information is embedded is stored in the document data by the document structure generation unit. A step of setting a management identifier for an information item; (D) content information of management information storage data in which the first usage control information is embedded in the management identifier by the second management information storage means; And a step of storing first usage control information from the management information storage data and storing second usage control information for generating usage control information for using the document data together with the first usage control information. Is a program for causing a computer to execute.

Embodiments of the present invention will be described below.
[Document data generator]
On the issuer side that distributes document data, a structured document is created using a document data generation apparatus 100 as shown in FIG.
The document data generation apparatus 100 includes a data input unit 101 for inputting various data, and an authentication / access restriction unit 102 that manages authentication data and access restriction data and updates the contents of the authentication data management DB 103. The document data generation apparatus 100 also includes an encryption / signature unit 104 that creates data encryption and signature data, and watermark embedding for creating visible digital watermark data or invisible digital watermark data and embedding it in the digitized data. Part 105 is provided. Further, the document data generation apparatus 100 includes a document structure generation unit 106 for generating a document structure in a structured document such as XML or HTML, and a management information generation / image processing unit for generating management information and processing image data. 107.

The document data generation device 100 calls digitized data from the electronic document DB 109 that manages text data and the electronic document 110 that manages image data, and authentication information and access restriction information based on various data input from the data input unit 101. And the like, and the usage control information of the document data is generated.
A part of the usage control information is encrypted as the first usage control information by the encryption / signature unit 104 as necessary, converted into invisible digital watermark data by the watermark embedding unit 105, and obtained from the electronic document 110. Embedded in image data.

In the text data obtained from the electronic document 109 and the image data obtained from the electronic document 110, a tag is set for each information item based on the XML format or the HTML format, and the content information is provided as an element or attribute of each tag. Stored. The tag definition information of the set tag is stored in the tag definition DB 108.
At the same time, the control information based on the invisible digital watermark data embedded in the image data by the watermark embedding unit 105 generates management information as second usage control information that constitutes the usage control information complementarily to the first usage control information. It is generated by the image processing unit 107. In the second usage control information, a tag in a structured document such as an XML format or an HTML format is set, and content information is stored as an element or attribute in the tag. Also here, the tag definition information of the set tag is stored in the tag definition DB 108.

[Document data utilization device]
FIG. 2 shows a schematic configuration of a document data utilization apparatus necessary for a user to use the distributed document data.
The document data utilization apparatus 200 includes a data input unit 201 for inputting various data, a watermark extraction unit 202 for extracting watermark data embedded in the digitized data of the document data, and encrypted in the document data. If there is data or signature information, the data is decrypted, the decryption / signature processing unit 203 for restoring the signature data, and the authentication information and access restriction information are analyzed and the authentication data is stored in the authentication data management DB 205 An access control management unit, a document structure analysis unit 206 that analyzes the structure of distributed document data and stores it in the tag definition management DB 207, a data use unit 208 that allows the user to use the document data, and the like.

[Structured document]
Based on the tags defined by the document structure generation unit 106 and the management information generation / image processing unit 107, for example, a structured document as shown in FIG. 3 is generated.
Text information 1 selected as information items of document data, image information 1... Text information 2 are assigned identifiers of tag 1, tag 2... Tag n, respectively, and the information content as an element in each tag. Is stored.

When image information sp is designated as management information storage data, a tag sp for setting this as information item of document data is set, and information content is stored as an element of this tag sp.
The contents information stored as the elements of the tags 1 to n and the tag sp can also be stored as attributes of the respective tags.

  The tag sp can have a hierarchical structure having a plurality of subordinate tags according to the stored content information. For example, as shown in FIG. 4, a plurality of tags sp1 and tags are subordinate to the tag sp. It can be configured to include sp2. Further, the tag sp can be configured to have a plurality of attributes, and as shown in FIG. 5, the tag sp can be configured to include attribute 1, attribute 2,...

When a tag sp composed of a plurality of tags is configured as shown in FIG. 4, the elements of each tag can be set as shown in FIG. Here, the alteration detection target range is set as the tag sp1, the information type recorded in the image as the tag sp2, the encryption / authentication / signature algorithm type as the tag sp3, and the image information sp access policy as the tag sp4.
As the falsification detection target range set in the tag sp1, by specifying a tag set in each information item of the document data, it is possible to specify the content information of the tag as the falsification detection target range. In tag element content 1 of FIG. 6, all tags are specified as the falsification detection target range, and in tag element content 2, only tag 1 and tag 2 are specified as the falsification detection target range.

  The information type recorded in the image set in the tag sp2 indicates the type of first usage control information embedded as a digital watermark, and includes signature data, authentication data, encryption key, and other information types. Describe which one. The tag sp2 can also be set to store the configuration of the first usage control information, specification of parameters, route information indicating the distribution route of this document data, and the like.

The encryption / authentication / signature algorithm type information stored in the tag sp3 relates to the encryption key type and authentication information authentication method when the first usage control information embedded as an invisible digital watermark is encrypted. An algorithm, an algorithm related to an authentication method of signature information, and the like can be stored.
The image information sp access policy stored as the tag sp4 can be configured to set information related to access permission restrictions. For example, as shown in FIG. Various settings such as permission are possible.

The settings of the tags sp1 to sp4 are not limited to those shown in the figure, and it is possible to set five or more tags, it is possible to set to three or less, and a plurality of tags are included in the tag. It is also possible to adopt a configuration including attributes.
When a tag sp having a plurality of attributes is configured as shown in FIG. 5, each attribute can be set as shown in FIG. Here, the alteration detection target range is set as attribute 1, the information type recorded in the image as attribute 2, the encryption / authentication / signature algorithm type as attribute 3, and the image information sp access policy as attribute 4. The data set in each of the attributes 1 to 4 is the same as that set in the plurality of tags sp1 to sp4, and the description thereof is omitted here.

Each tag name when a plurality of tags sp1, tags sp2,... Are set below the tag sp, and each attribute name when a configuration having a plurality of attributes 1, attributes 2,. Can be a tag name or an attribute name as shown in FIG.
For example, when a parameter related to watermark processing is described, the tag name can be <watermark control>. As shown in FIG. 8, when the watermark control information of the first usage control information is “watermark embedding”,
<Watermark control> attribute = ENBED </ watermark control>
When the watermark control of the first usage control information is “watermark type 1: strong attack resistance mode”,
<Watermark control> attribute = 1-SO </ watermark control>
Can be described.

When describing this watermark control as an attribute of the tag sp,
<Tag sp watermark control = 'EMBED' / tag sp>
<Tag sp watermark control = '1-SO' / tag sp>
Can be described.
When a data name in which invisible watermark data is embedded is described as a tag element, the tag name is <watermark target name>, and “watermark embedding / extraction target file name” is described as the element. . For example, in the example shown in FIG. 8, in order to show that watermark data is embedded in the image data called Content1.jpg,
<Watermark target name> Content1.jpg </ watermark target name>
Is described.

Similarly, to describe this description as an attribute of the tag sp:
<Tag sp watermark target name = 'Content1.jpg' / tag sp>
Can be described.
To specify parameters such as the operating conditions (control program parameters) of the stored items stored as the first usage control information and the specified items (encrypted images), set the tag <parameter> can do. For example, as shown in FIG.
<Parameter> program name attribute = a </ parameter>
<Parameter> image file name </ parameter>
Can be described. Even when each parameter is set as an attribute of the tag sp, it can be described using “parameter” as the attribute name.

In addition, the data storage type of the first usage control information can be set with a tag having the tag name <configuration>. This configuration tag is used when the image data storing the first usage control information is included in the structure of a plurality of data storing various management information, and the data format of the structure and which data is used for the first usage Indicates whether control information is embedded. For example, as shown in FIG. 9, image information sp includes data 1 including image data in JPG, BMP, GIF, and other data formats, and various management information such as encrypted images, authentication / encrypted data, and control programs. When the data 2 including the extension part to be stored is synthesized data, the data format and the data in which the first usage control information is embedded are described in the <configuration> tag. For example, as shown in FIG.
<Configuration> Data storage 1 </ Configuration>
Format by data format
<Tag 1> Data structure Attribute = Data storage 1 </ Tag 1>
Can be described as follows.

[Image information sp]
As shown in FIG. 9, the image information sp10 designated as management information storage data includes a first data portion 11 in which image data to be actually displayed is stored, encrypted image data, a control program, and the like. It can be configured to include the second data portion 12 as an extension portion.
The image information sp10 is composed of JPG, BMP, GIF, and other image data formats, and stores usage control information such as encrypted image data, authentication data, encryption key information, and a control program.

A method of storing the first usage control information in the image information sp10 is shown in FIGS.
As shown in FIG. 30, the first usage control information can be embedded as a digital watermark in the first data portion 11 of the image information sp10. Here, in step S171, the first usage control information is embedded in the first data portion 11 of the image information sp10 as a digital watermark.
Since the image data stored in the first data section 11 is image data actually displayed on a monitor or the like, when the first usage control information is confidential information, it is necessary to embed it as an invisible digital watermark.

  As shown in FIG. 31, the first usage control information can be stored in the second data portion 12 of the image information sp. In this case, in step S181, the first usage control information is stored in the second data portion 12 of the image information sp10. The first usage control information can be configured to be stored as invisible watermark data or visible watermark data in a redundant portion of the image format of the second data portion 12.

As shown in FIG. 32, the first usage control information can be encrypted and stored in the image information sp10.
First, in step S191, the first usage control information is encrypted. As for the encryption key here, the first usage control information can be made secret information by encrypting the first usage control information using a common key in the secret key cryptosystem. When the first usage control information is signature information, it can be encrypted using a public key cryptosystem private key.

In step S 192, the encrypted information obtained by encrypting the first usage control information is stored in the second data unit 12. Here, the encryption information is embedded as invisible watermark data or visible watermark data in the redundant portion of the image format of the second data portion 12.
In step S193, the encryption key used when encrypting the first usage control information is embedded in the first data section 11. Also in this case, since the first data portion 11 is visible image data, the encryption key can be stored as confidential information by embedding the encryption key in the first data portion 11 as invisible watermark data. When the first usage control information is encrypted with a public key cryptosystem private key, it is not necessary to embed the encryption key in the first data section 11.

As shown in step S <b> 201 of FIG. 33, the first usage control information can be separated and stored in the first data unit 11 and the second data unit 12.
For example, as shown in FIG. 34, data 1 to be stored in the first data unit 11 and data 1x and data 2x separated from the first usage control information are prepared. In step S401, data 1x is embedded in data 1 as invisible watermark data. In step S402, data 2 is generated by performing data conversion using data 1x and data 2x. Here, data conversion processing such as encryption of data 2x using data 1x is possible.

In step S403, the data 1 in which the data 1x is embedded is stored in the first data part 11 of the image information sp10, and the data 2 converted by using the data 1x and the data 2x is stored in the second data part 12.
FIG. 35 shows a flowchart for restoring the first usage control information stored in the image information sp10 in this way. In step S411, data 1x embedded as invisible watermark data is extracted from the data of the first data portion 11 of the image information sp10. In step S412, the data 2x is decoded based on the extracted data 1x and the data 2 stored in the second data unit 12. For example, when the data 2x is encrypted using the data 1x as a secret key, the data 2x is decrypted using the data 1x extracted from the watermark data.

(Data format of image information sp)
As shown in FIG. 41, the management information storing image data as shown by the data (1) has a data format composed of the first data portion 11 and the second data portion 12 of the image information sp10, and the following data is Store.
When the management information storage image size is large and all watermark information such as a signature, timestamp, and access policy can be watermarked, the information is stored in the first data portion 11 of the image information sp10. When a management information storage image size is small and a program with a large amount of information cannot be watermarked, it is stored separately in the first data portion 11 and the second data portion 12 of the image information sp10.

The data shown in FIG. 40 can be considered as the data stored separately in the first data part 11 or the first data part 11 and the second data part 12 of the image information sp10.
For example, signature information such as a hash value, timestamp indicating the date of issue, and the like can be stored as feature information of the entire data (0). Further, signature information such as a hash value, timestamp indicating the issue date and update date can be stored as the characteristic information of the data (1), and the access name of the data (1) includes a user name, a usage permission period, read-only, Read / write permission information such as change permission can be stored. Furthermore, signature information such as hash values, partial characters, timestamps indicating the issue date and update date can be stored as characteristic information of data (2), and the user name, usage permission period, read / write as access policy of data (2) License information, rights holder ID, contact information such as address / phone number / URL, usage permission count, etc. can be stored. Furthermore, programs such as JAVA (registered trademark) applications can be stored.

[Electronic document generation flow]
(Generation of signature processing document)
FIG. 12 shows a flowchart for generating document data with a digital signature.
In step S31, an element that is a target of the falsification detection range is designated. For example, an input from the data input unit 101 is received, and an information item included in the document data is designated to determine which element is the target of the falsification detection range. If there is an element that is set in advance as a target of the falsification detection range by the file name of the digitized data included in the document data, it can be automatically set as a target of the falsification detection range.

In step S32, the digital signature of the element that is the target of the falsification detection range is performed. For example, the hash value of the entire element that is the target of the alteration detection range is calculated and stored as signature information.
In step S33, a conversion target element is selected from the document data. Here, selection of a conversion target element to be converted as image information sp is accepted.

In step S34, a conversion process is performed on the selected conversion target element. A conversion rule set in advance can be adopted as the conversion rule for the conversion target element, and a conversion rule inputted from the data input unit 101 can also be adopted.
In step S35, the conversion target element and signature information are recorded in the image data. At this time, the conversion target element is original information, and the original information and signature information are embedded in the image data as an invisible digital watermark.

(Use of signature processing document)
FIG. 13 is a flowchart for using document data that has been subjected to digital signature processing.
In step S41, an element that is a target of the falsification detection range is designated. Here, by analyzing the structure of the document and detecting the element that is the target of the falsification detection range from the information in the tag sp, the element that is the target of the falsification detection range can be specified.

In step S42, a conversion target element is selected. Information on the conversion target element is acquired from the information in the tag sp, and this is used as the conversion target element.
In step S43, the conversion element is restored. For example, the original information corresponding to the conversion target element embedded in the image information sp is extracted.
In step S44, the element that is the target of the falsification detection range is verified. The element that is the target of the falsification detection range is extracted from the information in the tag sp, and this signature information is generated. For example, the hash value of the entire element that is the target of the falsification detection range is calculated, and this is verified with the signature information restored from the image information sp.

(Verification of signature information)
A flowchart of FIG. 38 shows a method for generating signature information using a structured document such as an XML document.
In step S231, a signature range for digital signature is specified from the document data, and this specified range is described in the tag sp. The signature range can be specified by selecting a tag in the document data. Further, the signature range can be specified by describing the information content of the signature range as an element or attribute in the tag sp.

In step S232, signature information (s) in the designated signature range is generated. Here, signature information (s) is generated by calculating hash values of all elements included in the signature range.
In step S233, the signature information (s) is embedded as watermark information in the image information sp.
FIG. 39 shows a flowchart for verifying the signature information of the distributed document data.

In step S241, the structured document is analyzed, and information on the signature range included in the element or attribute of the tag sp is acquired.
In step S242, signature information (s0) within the acquired signature range is generated. Here, signature information (s0) is generated by calculating hash values of all elements included in the signature range of the current document data.

In step S243, watermark data included in the image information sp is extracted, and signature information (s1) included in the watermark data is extracted.
In step S244, signature information is verified. Here, the signature information (s0) obtained from the current document data is compared with the signature information (s1) extracted from the watermark data. If they match, the verification is successful. Error handling as failure.

(Generation of confidential processing documents)
FIG. 10 shows a control flowchart in the case where the document data generating apparatus 100 creates document data partially including confidential information.
In step S11, an element for falsification detection is designated. Here, based on the information input from the data input unit 101, it is determined which of the elements arranged in the document data is to be tampered with.

In step S12, the element that is the target of the falsification detection range is signed. For example, the hash value of the entire element that is the target of the falsification detection range is calculated and stored as a signature value.
In step S13, a conversion target element is selected. Here, the conversion target element to be converted as management information is selected. For example, when a part of document data is set as confidential information and is replaced with other specific information for distribution, the confidential information is converted. Can be configured to select as an element. A method for selecting a conversion target element can be determined based on a preset conversion target element or information input from the data input unit 101.

In step S14, a conversion process is performed on the selected conversion target element. A conversion rule set in advance can be adopted as the conversion rule for the conversion target element, and a conversion rule inputted from the data input unit 101 can also be adopted.
In step S15, authentication information is set based on the input authentication information. As the authentication information, it is possible to select a public key cryptosystem private key, a common key cryptosystem common key, user personal information, recording medium identification information, and other authentication information. Information inputted from 101 can be adopted.

In step S16, the conversion target element is encrypted using the set authentication information. Various encryption methods can be used as the encryption method, and encryption is performed by a method that can be decrypted and used by a legitimate user.
In step S17, the conversion target element is replaced with specific information. Here, specific information that replaces the conversion target element serving as confidential information is arranged at the position of the conversion target element.

  In step S18, the encrypted conversion target element, signature information, and authentication information are embedded as invisible watermark information in the image data included in the document data. For example, when the conversion target element is encrypted with a common key of a common key cryptosystem, the encryption information of the conversion target element, the common key information, the signature value of the element that is the target of the falsification detection range, etc. Embedded in the image data. When a part of the image data is selected as the conversion target element, the part corresponding to the conversion target element in the image data is replaced so as to be displayed after being converted into other specific information, and the conversion target element of the original information The portion is encrypted and embedded in the image data as watermark data together with the encryption key.

(Use of confidential documents)
FIG. 11 shows a flowchart for using document data partially including confidential information.
In step S21, an alteration detection target element is designated. The structure analysis of the document is performed, the element that is the target of the falsification detection range is detected from the information in the tag sp, and this is designated as the falsification detection target element.

In step S22, authentication information is acquired from the image data. First usage control information embedded as invisible watermark data in image data is extracted, and authentication information included therein is acquired.
In step S23, the authentication information input by the user is received and compared with the authentication information extracted from the first usage control information. For example, the user's personal information, identification information of the recording medium, and the like are input to the user and compared with the authentication information extracted from the first usage control information. If they do not match, the process is stopped.

In step S24, a conversion target element is selected. Here, the encrypted data included in the document data is designated as a conversion target element.
In step S25, the conversion target element is decrypted using the authentication information.
In step S26, the digitized data is restored using the decrypted conversion target element.

In step S27, the element that is the target of the falsification detection range is verified. For example, it is determined whether or not falsification has occurred by obtaining a hash value for a falsification detection range in the document data including the restored digitized data and comparing the hash value with the hash of the original information included in the first usage control information. Validate.
(Verification of confidential documents)
A flowchart of FIG. 36 shows a method for generating confidential processing information using a structured document such as an XML document.

In step S211, information (a0) is recorded in the structured document. For example, information (a0) is described by describing information (a0) in a tag set in tag sp or an attribute in tag sp, or by setting information (a0) with a tag in document data. ) Can be recorded in a structured document.
In step S212, copy information (a1) of information (a0) is embedded as watermark data in image information sp, and data for extracting watermark data is described in tag sp.

FIG. 37 shows a flowchart for verifying the confidential information of the distributed document data.
In step S221, the structured document is analyzed and information (a0) is extracted. Here, the information (a0) is acquired based on the information included in the element or attribute of the tag sp.
In step S222, information (a1) is extracted from the watermark data. Here, the watermark control information is obtained by analyzing the information of the tag sp, and the information (a1) is extracted from the watermark data based on the watermark control information.

In step S223, information (a0) in the structured document and information (a1) extracted from the watermark data are compared and verified. If the information (a0) in the structured document and the information (a1) extracted from the watermark data match, verification is successful, and if they do not match, error processing is performed as verification failure.
(Generate structured document tags)
FIG. 14 shows a flowchart for generating a document tag when the document data to be distributed is a structured document such as XML or HTML.

In step S51, tags (1 to n) are set for each information item for the digitized data included in the document data, and elements (1 to n) that are information contents in the tags (1 to n) are generated.
In step S52, a tag sp for storing information related to the image information sp that is management information storage data is generated.

In step S53, a plurality of tags (sp1, sp2...) Or attributes (1, 2,...) Set in the tag sp are set. As described above, a plurality of tags as shown in FIG. 6 or a plurality of attributes as shown in FIG. 7 can be set as the second usage control information.
In step S54, image information sp is designated. Here, the image information sp in which the first usage control information is stored is designated.

In step S55, first usage control information to be stored in the image information sp is generated, the first usage control information is stored in the image information sp, and the first usage control information is extracted from the image information sp. Second usage control information for using document data together with the first usage control information is stored in the tag sp.
(Use of structured document tags)
FIG. 15 shows a flowchart of a tag analysis method when using a distributed structured document.

In step S61, the tag (1-n, sp) and the element (1-n, sp) are input. Here, the structure analysis of each tag (1 to n, sp) in the distributed structured document is performed, and the elements in each tag are taken in at the same time.
In step S62, the tag sp is analyzed. Information about the image information sp (second usage control information) is stored in the tag sp, and the first usage control information stored in the image data can be extracted by analyzing the tag sp.

In step S63, the image information sp is analyzed and information restoration / verification is performed. Based on the second usage control information stored in the tag sp, the first usage control information included in the image data is extracted, the encrypted data is decrypted, and the signature information and confidential information are verified.
In step S64, the restoration element is displayed. Here, structured document data such as an XML document or an HTML document is displayed based on a style sheet specified in the document data.

(Access policy)
An example of data when the access policy is used control information is shown in FIG.
For example, as shown in FIG. 18, the access policy can be divided into an expiration date, the remaining number of times of use, a user attribute, processing authority, and other policy types.
When an expiration date is set as an access policy, for example, as shown in FIG. 18, data indicating the expiration date such as “˜YY.MM.DD”, “Forever”, “TODAY” may be used as content information. it can. When the remaining usage count is set as the access policy, the remaining usage count that is counted down each time it is used from the set initial value can be used as the content information. When the user attribute is set as the access policy, data such as “permit individual use only (+ S)” and “permit group use (+ G)” can be used as the content information. When processing authority is set as an access policy, data such as “read only (+ R)”, “rewritable (+ W)”, and “appendable (+ A)” can be used as content information.

(Document tag generation for access policy)
FIG. 16 shows a flowchart of document tag generation when the access policy is set to the tag sp.
In step S71, an access policy is designated. For example, one or a plurality of access policy types out of the expiration date, the remaining number of uses, the user attribute, and the processing authority and the policy contents set for the access policy type are determined.

In step S72, the access policy is stored in the tag sp. For example, the tag sp4 in the tag sp can be set as the tag of the access policy, and the policy content can be stored as an element of the tag sp4. It is also possible to describe the content information of the access policy as an attribute of the tag sp.
In step S73, image information sp is designated. Here, the image information sp for embedding the policy content of the access policy as the first usage control information is determined.

In step S74, the content information of the access policy is stored in the image information sp. Here, the content information set as the access policy is embedded in the image information sp as invisible digital watermark data.
(Using access policy tags)
FIG. 17 shows a flowchart when document data whose access policy is set as usage control information is used.

In step S81, the tag is analyzed from the distributed document data.
In step S82, the content information (p0) of the access policy stored in the tag sp is acquired based on the tag analysis result.
In step S83, the content information (p1) of the access policy embedded in the image information sp as invisible watermark data is extracted.

  In step S84, the content information (P0) of the access policy stored in the tag sp is compared with the content information (p1) of the access policy extracted from the image information sp to determine whether or not they match. If the access policy content information (P0) stored in the tag sp matches the access policy content information (p1) extracted from the image information sp, the process proceeds to step S85.

  In step S85, the user is made to use the document data based on the access policy. For example, if the content information of the access policy is “+ R + Today”, the document data is used under the restriction of “read only today”. If the remaining usage count is set as an access policy, the current remaining usage count is counted down to update the content information of the access policy, the content information of the access policy in the tag sp is changed, and a new The content information of the access policy is embedded as invisible watermark data in the image information sp.

(Distribution channel information)
When the distribution route information is set as the usage control information, for example, data as shown in FIG. 21 can be employed. Here, it is possible to set a distribution source route (From), a distribution route 1 (Through) and a route 2 (Through), a distribution destination route (To), and the like. Information, MAC address information, terminal information, etc. can be displayed.

(Tag generation for distribution channel information)
FIG. 19 shows a flowchart when document data is generated by setting distribution route information as a tag.
In step S91, the distribution route is designated as a distribution source route (From), a distribution route (Through), or a distribution destination route (To).

In step S92, the distribution route type information is set as a tag name in the tag sp, and identification information such as a URL and a MAC address is stored as second usage control information as the content information of the tag.
In step S93, image information sp for storing distribution route information as first usage control information is designated.
In step S94, the distribution route information is stored in the image information sp. At this time, the distribution route information can be embedded in the image information sp as invisible digital watermark data.

(Use tags for distribution channel information)
FIG. 20 shows a flowchart when document data whose distribution route information is set as use control information is used.
In step S101, the tag is analyzed from the distributed document data.
In step S102, the contents information of the distribution route information stored in the tag sp is acquired based on the tag analysis result.

In step S103, the used terminal route information embedded in the image sp as invisible watermark data is extracted.
In step S104, the distribution route information stored in the tag sp and the use terminal route information extracted from the image information sp are compared to determine whether or not they match. If the distribution route information stored in the tag sp matches the use terminal route information extracted from the image information sp, the process proceeds to step S105, and if not, the process proceeds to step S106.

In step S105, confirmation information is sent to the route (From) in the use terminal route information extracted from the image information sp.
In step S106, NG information is sent to the route (From) in the use terminal route information extracted from the image information sp.
(Generation of document data for program control)
A program is stored in the image information sp, and when this document data is used, the program is activated, and processing corresponding to the set parameters can be executed. A flow chart for generating such document data is shown in FIG.

In step S111, function setting is performed by using a parameter that determines what processing is to be executed by the program on the document data.
In step S112, the set parameter value is stored in the tag sp as second usage control information.
In step S113, program data is generated. Here, when using document data, program data for executing processing according to a set parameter is generated.

In step S114, digitized data is designated as the image information sp. Here, it is possible to select digitized data or other digitized data in the document data.
In step S115, the program data and the set parameters are stored in the image information sp. Here, the program data and the parameter value can be stored as invisible watermark data in the image information sp, and the program data can be encrypted and stored in the extension part of the image information sp.

(Use of document data for program control)
FIG. 23 shows a flowchart when using document data in which a program is stored in the image information sp.
In step S121, program parameters are acquired. The program parameters can be obtained from the information stored in the tag sp, and can also be obtained from information embedded as watermark information in the image information sp. It can also be configured to verify whether or not.

  In step S122, program data is read from the image information sp. If the program data is embedded as watermark data in the image information sp, the program data can be read out by extracting it. If the program data is encrypted, decryption is performed using the encryption key. When the encryption key is stored as an invisible watermark in the image information sp, there are various cases such as using user identification information, etc., and decryption is performed using an appropriate encryption key according to each case. .

In step S123, the read program is activated.
In step S124, parameters are input. Here, the parameters acquired in step S121 are input to the program.
In step S125, the input parameter is determined. For example, if the input parameter is “a”, the process proceeds to step S126 to execute process A, and otherwise, the process proceeds to step S127 to execute process B.

(Generation of document data including encrypted images)
FIG. 24 is a flowchart for generating document data including an encrypted image.
In step S131, an encryption key for encrypting the image data is designated. For example, an encryption key arbitrarily selected as a secret key of the common key cryptosystem, user identification information, recording medium identification information, and other information can be used as the encryption key.

In step S132, the image data is encrypted using the designated encryption key.
In step S133, parameters are set. Here, parameters related to the encryption algorithm are set in the tag sp, and parameters for specifying image data to be stored in the image information sp are set in the tag sp.
In step S134, the set parameter value is stored in the tag sp.

In step S135, a hash value of the image data is generated. Here, the hash value of the encrypted image data is calculated.
In step S136, digitized data is designated as the image information sp.
In step S137, a hash value of image data, encrypted image data, an encryption key, and the like are stored in the image information sp. It is possible to store the encrypted image data in the extension part of the image information sp, and embed the hash value and the encryption key of the image data in the specified digitized data as invisible watermark data, both in the digitized data It is also possible to embed as invisible watermark data.

(Use of document data including encrypted images)
FIG. 25 is a flowchart for using document data including encrypted image data.
In step S141, a parameter is acquired based on information stored in the tag sp. Here, parameters for specifying the encryption algorithm and the encrypted image data are acquired.

  In step S142, an encryption key, encrypted image data, and a hash value (s0) are read from the image information sp. Based on the parameters obtained from the tag sp, the encryption key and the hash value embedded in the digitized data as invisible watermark data are extracted and stored in the extension part of the image information sp. The encrypted image data embedded as invisible watermark data is read.

In step S143, a hash value (s1) of the read encrypted image data is calculated.
In step S144, the hash value (s0) read from the image information sp is compared with the calculated hash value (s1) of the encrypted image data. If they match, the process proceeds to step S145, and if they do not match In step S147, the process proceeds to step S147.
In step S145, the encrypted image data is decrypted using the read encryption key, and the image data is used in step S146.

In step S147, it is considered that data has been tampered with, error processing is executed, and the processing is terminated.
As the encrypted image data, for example, as shown in FIG. 27, the image data 21 of the seal selected as the image information sp can be used. The image data 21 is encrypted using an encryption key to generate encrypted image data 22. The encrypted image data 22 is superposed on the image data 21 as invisible watermark data and stored as image information sp.

Before the distributed document data is used, since the encrypted image data 22 is embedded as invisible watermark data, the image information sp is apparently image data of a seal stamp as the pre-use processing image data 23. When this image information sp is used, it is separated into the image data 24 and the encrypted image data 25 and can be used together.
As image data used for such authentication, a face (photo, illustration) image, signature / signature, fingerprint image, or the like can be used as shown in FIG.

(Electronic management of paper documents)
Consider the case where a paper document is digitized and managed using the method described above with reference to FIG.
The paper document 501 can be converted into image data using a scanner, for example, as bitmap data 502. The bitmap image 502 is combined with an account image 503 in which encrypted image data such as access control / authentication information is embedded, and document data 504 including the bitmap data 502 and the account image 503 is created as a structured document.

If it is determined that the data is used by an authorized right holder, the account image 503 is removed and browsing of the bitmap data 502 is permitted.
When the use of the document data 504 ends, information such as user data and use date using the document data 504 is added to the encrypted data embedded in the account image 503, and is again combined with the bitmap data 502 and managed. It is also possible to do.

(Reflecting the authentication information of electronic documents on paper documents)
Institutions that do not digitize documents are managing paper documents and authenticating them with the signatures on the documents. For example, when an electronic document with the electronic signature of the document creator is sent overseas via the Internet and used as a paper document for submission to a government office such as a customs office, even if the document is signed, authentication is performed. Is difficult. A document processing method capable of authenticating the document creator in such a case will be described with reference to FIG.

Here, the document creator or document sender transmits the electronic document from the first user terminal 800 to the second user terminal 820 of the document submitter via the Internet network 870. The electronic document to be transmitted is an electronic document 801 to which the electronic signature of the document creator is attached, and for example, an electronic commerce document can be adopted.
The electronic document 801 is transmitted from the first user terminal 800 to the second user terminal 820 via the Internet network 870.

On the second user terminal 820 side, the received electronic document 821 (same as the electronic document 801 on the transmission side) is printed as a paper document by the printer 822 to create a paper document 823. At this time, confidential information such as an electronic signature for authenticating the document creator is printed on the paper document 823 as digital watermark information that can be read by an image scanner or the like.
The paper document 823 created in this manner can be authenticated by the document creator by reading the digital watermark with the image scanner in the document management organization 850, and determines whether fraud such as tampering has been performed. It becomes possible. When submitting an electronic commerce document to the government office, the document submitter shall submit a printed electronic commerce document (paper document 823) to the government office (document management organization 850) and authenticate the electronic commerce document at the government office. Is possible.

(Management of digitized data)
Similarly, the account data 512 in which the access control information and the authentication information are embedded as encrypted data is synthesized with the digitized data 511 such as text data to create document data 513 in a structured document format.
In this case as well, when it is determined that the use is legitimate, the account image 512 is removed or made invisible, and browsing of the digitized data 511 is permitted. Further, after the use is completed, information such as the user and the use date of the document data 513 can be embedded as watermark data in the account image 512 and can be combined with the digitized data 511 and managed again.

(Generation of text data including encapsulation information)
FIG. 28 shows a flowchart for generating document data in which plural types of usage control information are stored in the tag sp and the image information sp.
In step S151, the usage control information stored in the image information sp is designated. For example, encrypted data, authentication information, encryption key information, a control program, and other information to be stored as first usage control information in the image information sp are designated.

In step S152, various parameters are set. Here, the second usage control information stored in the tag sp is set as a parameter.
In step S154, signature information of signature target information is generated. Here, a signature target range is designated in order to digitally sign structured document data, and signature information is generated by calculating a hash value of an element in the signature target range.

In step S155, image information sp is designated. The computerized data to be the management image is designated and set in the image information sp.
In step S156, the signature information calculated by the digital signature and other various usage control information are stored in the image information sp.
In step S157, various parameter values are stored. Here, various parameter values set for the first usage control information stored in the image information sp are stored in the tag sp.

(Use of document data including encapsulation information)
FIG. 29 shows a flowchart of use of document data in which a plurality of types of use control information is stored in the tag sp and the image information sp.
In step S161, various parameter values are acquired. Here, by analyzing the information of the tag sp, various parameters for the first usage control information stored in the image information sp are acquired.

In step S162, various information encapsulated from the image information sp is separated. For example, encrypted data stored in the image information sp, authentication information, encryption key information, control program, signature information calculated by a digital signature, and the like are extracted.
In step S163, signature information is generated. Here, the signature range of the document data is set as each element, and signature information is generated.

In step S164, the signature information separated from the image information sp is compared with the signature information generated based on the current document data. If the signature information in the signature target range does not match, the process proceeds to step S165. If the signature information matches, the process proceeds to step S166.
In step S165, error processing is executed and the processing ends.

In step S166, the confidential information is decrypted. For example, the encrypted data separated from the image information sp is decrypted using the encryption key separated from the image information sp.
When the confidential information includes image data, the image data is decoded at step S167. When the confidential information includes text data, the text data is decoded at step S168, and the confidential information includes audio information. In step S169, the audio data is decoded.

In step S170, the decoded image data, text data, and audio data are synthesized and used.
(Cooperation with OS registration screen)
User information can be registered in the OS (Operating System) on the issuer side that distributes document data, and the user information can be stored in the image information sp to distribute the document data.

  For example, the issuer-side OS 406 manages user information of users A, B... X, and manages OS management image files 404, 407, and 408 generated based on each user information. ing. On the issuer side, an image file 402 and other digitized data 403 are generated using various application programs 405, a management image file 404 for user A managed by the OS 406 is prepared, and document data based on these Distribute

(Registration to OS)
FIG. 42 is a flowchart for registering an OS management image file based on user information.
In step S251, user information is input. In this case, a user ID for specifying the user and rights information such as permission information for the user are input.

In step S252, user information is recorded in image data. Here, the input user information is converted into invisible watermark data or encrypted and recorded in the image data. Image data arbitrarily selected on the issuer side can be used, and image data selected by the user can also be used.
In step S253, the image data is filed. Here, the image data in which the user information is recorded is converted into a database file format managed by the OS 406.

In step S254, an image file including user information is registered in a database managed by the OS 406.
(Use of OS registered image file)
FIG. 43 shows a flowchart for using an image file registered in the OS 406.

In step S261, the OS is started and a login screen is displayed.
In step S262, password input is accepted and authentication is performed.
In step S263, the security management data recorded in the image file is registered in the OS.
In step S264, data such as watermark data, encrypted data, and encryption key is extracted from the image file included in the document data as the image information sp, and processing such as falsification detection, authentication, and access control is performed.

(Generation of document data using OS registered image)
FIG. 45 shows a flowchart for generating document data using an OS registered image.
In step S271, a document security generation program is started.
In step S272, the data format of the image information sp is designated. For example, consider the case of document data 30 including a text part 31, an image part 32, and an image information sp part 33 as shown in FIG. The data format of the image information 33 can be various data formats as shown in FIG.

Type 1 generates signature information of the text part 31 and the image part 32 and embeds it in the image data as an invisible watermark (data 1X). The signature target information is stored as (data 2X) in the data extension unit.
Type 2 generates signature information from the text portion 31 and the image portion 32, embeds the secret encryption key and signature information of the text portion 31 in the image data as an invisible watermark (data 1X), and stores the signature / encryption target information as data. This is stored as (Data 2X) in the extension.

Type 3 generates signature information from the text portion 31 and the image portion 32, embeds the signature information in the image data as an invisible watermark (data 1X), and extends the signature / encryption target information with the encryption key for encryption of the text portion 31 Is stored as (Data 2X).
Type 4 generates signature information from the text part 31 and the image part 32, embeds the secret encryption key of the text part 31 in the image data as an invisible watermark (data 1X), and extends the signature information and the signature / encryption target information Is stored as (Data 2X).

In step S274, signature information is generated from the text portion 31 and the image portion 32.
In step S275, the encryption key K is set. When the data format of the image information sp is Type1, it is not necessary to set the encryption key K. In this case, step S275 is skipped.
In step S276, image information sp is selected. If the OS registered image is used, the process proceeds to step S277, and if the OS registered image is not used, the process proceeds to step S279.

In step S277, an OS registration image is acquired. Here, the OS registered image file in which the user information of the user who distributes is set is called and set in the image information sp.
In step S278, various types of information are stored in the image information sp. Various types of information are stored in the image information sp according to the data format specified in step S272, and are processed using the information storage method described with reference to FIGS.

In step S279, arbitrary image data to be the image information sp is selected to generate management information storage data.
In step S280, various types of information are stored in the image information sp. In this case as well, similar to step S278, various information is stored in the image information sp according to the data format specified in step S272, and is processed using the information storage method shown in FIGS. be able to.

(Use of document data using OS registered images)
FIG. 48 is a flowchart showing the use of document data when the distributed document data uses OS registered images.
In step S281, the security function program is activated.
In step S282, the structure of the document data is analyzed, and tag information and attribute information in each tag are acquired.

In step S283, tag information and attribute information are analyzed.
In step S284, the image information sp is separated. Image information sp is extracted based on the result of tag and attribute information analysis processing.
In step S285, image data format information is extracted from the image information sp. Information relating to the image data format stored in the extension part of the image information sp or information relating to the image data format embedded as watermark data in the image part is extracted. When the image data format is stored in the tag sp, the information in the tag sp can be used.

In step S286, various types of information stored in the image information sp are extracted based on the information related to the image data format.
In step S287, it is determined whether an OS registration image is used. If it is determined that the OS registered image is used, the process proceeds to step S288.
In step S288, an OS registration image is acquired. For example, the OS registration image can be obtained by accessing the issuer's server via the Internet and downloading the OS registration image file.

In step S289, the processing content is determined. When the signature verification process is performed, the process proceeds to step S290. When the authentication process is performed, the process proceeds to step S291. When the usage control is performed, the process proceeds to step S292.
In step S290, the information extracted from the image information sp is compared with the information included in the OS registered image, and signature information verification processing is executed.

In step S291, the information extracted from the image information sp and the information input from the user terminal are compared, and the user authentication process is executed.
In step S292, document data usage control information is determined from the information extracted from the image information sp, and a usage restriction process is executed.
[Information disclosure system]
A document data management model in the information disclosure system will be described with reference to FIG.

The author 602 sends a document that is his own work and management information to the manager 601 and requests registration of the document A. The management information submitted by the author 602 to the manager 601 can set accounting information as access policy information for each document, as shown in FIG.
The administrator 601 registers the document requested for registration from the author 602 in the administrator DB 605 and publishes the registered document. The administrator 601 accepts a use request for a document published from the user 604, and executes the billing process when the author 602 makes a billing request. The administrator 601 adds management information in a range specified by the author 602 to the document after billing processing, and sends the document to the user 604. The manager 601 returns the profit from the document to the author 602.

  The management information added to the document can be configured as shown in FIG. 53, for example. Here, a management information display unit 612 set by the author 602 on the document cover 611, image data 613 in which management information by the author 602 is embedded as watermark data, and a document management information display unit for the administrator. 614, image information 615 in which management information of the administrator 601 is encrypted and embedded is displayed.

As shown in FIG. 52, the administrator 601 generates a user log such as a user name, use date and time, and the number of uses, and stores information such as popularity ranking in the administrator DB 605 as management information. The management information can be configured to include information such as a feeling received from the user 604, and this information can be delivered to the author 602 as necessary.
The provider 603 that distributes the document obtains the permission of the administrator 601 or the author 602 and obtains the contents disclosure of the document stored in the administrator DB 605 and the priority publication right of the copyrighted work. The provider 603 can execute document distribution and billing processing on behalf of the administrator 601.

(Flow chart of information disclosure system)
The operation of each person in this information disclosure system is shown in FIG.
In step S401, the author creates document data recording author information and the like. Here, document data is created by adding personal information of the author, management information such as an access policy, etc. to the author's own work.

In step S402, an information registration request is made to the administrator.
In step S411, the administrator installs a document parsing function. In step S412, in response to a registration request from the author, manager information, author image, and the like are added to the document data. Here, based on management information such as an access policy sent from the author, manager information such as billing information and access policy is generated and added.

In step S413, the title and contents of the document data are registered in the server and released.
In step S421, the user installs the document syntax analysis function. In step S422, user information is input, and based on this, a document data use request is made in step S423.

The administrator acquires user information, authenticates the user, and verifies the access policy based on the document data usage request from the user. Furthermore, the specific document in the document data is concealed with the user information, and the document data is created with the access control function added. Thereafter, in steps S416 and S417, distribution of document data and a charging request are performed.
In step S424, the user detects falsification using the watermark data in the distributed document data and uses the document. In step S425, a billing process is performed.

Based on the billing process from the user, the administrator performs a usage fee reduction process in step S418.
In step S419, the administrator transmits the document data information registered in the server to the provider. In step S420, user information is transmitted to the provider.

In step S431, the provider performs document introduction work based on the document data information acquired from the administrator.
[Implementation of security functions]
FIG. 54 shows an implementation example of the security function as described above when document data is distributed through a communication function such as the Internet.

The administrator side includes a WWW server 701, an interface 702 that performs XML structure analysis and access, and a business application 703, and is linked to various databases 704.
On the user side, a browser 711 capable of browsing various data distributed from the WWW server 701 and an interface 712 for performing XML syntax analysis and access are provided.

On the user side, document data 722 including the XML document transmitted from the WWW server 701 and the XSL style sheet is displayed on the browser 711, and data input thereto is returned to the WWW server 701 as an XML document.
(Encryption and invisible watermark)
FIG. 55 shows an example of a tag sp in the case where the encrypted secret information is embedded as the image information sp and browsing control is performed.

FIG. 57 shows a flowchart for defining an XML document as shown in FIG.
In step S301, a tag is set. Here, <security> for defining security processing and <mark_file> for defining the target image are set as tags in the tag sp.
In step S302, the attribute “authenticate” indicating the authentication type in the security tag is set to “password”. In this case, the user authentication information is set to be accepted by keyboard input.

In step S303, an attribute info_type that defines information stored in the watermarked image data in the security tag is set. The attribute value “secret” set here indicates that it is confidential information, and the attribute value “authentication” indicates that the authentication information is stored in the image specified by mark_file.
In step S304, an attribute wm_verification indicating authentication processing in the security tag and an attribute a_encrypted indicating encryption means are defined. Here, '2001.8.30' set in the attribute wm_verification indicates the authentication process expiration date, and 'DES' set in the attribute a_encrypted indicates that it is encrypted by DES encryption.

  In step S305, an attribute security_method indicating a security type (such as a watermark type) in a mark_file tag and an attribute wm_in that defines information embedded as watermark data are defined. Here, 'invisible_watermark' set as the attribute security_method defines that it is an invisible watermark of Fujitsu Limited, and 't0' set in the attribute wm_in is embedded in t0.txt. It means you have gone.

An example of the style sheet demo.xsl defined in demo.xml in FIG. 55 is shown in FIG. When demo.xml is displayed on the browser, it is displayed according to the contents of the style sheet defined in the document.
(Document data generation)
FIG. 58 shows a flowchart for generating document data using encrypted and invisible watermark data.

In step S311, the definition of the document analysis process is registered, the contents of the digitized data to be document data are registered, and preparations for generating a structured document are made.
In step S312, the document generation application is activated. For example, an XML parser is started to start generating a structured document.
In step S313, confidential information and image data to be embedded as invisible watermark data are designated.

In step S314, authentication information is set, and watermark related information is stored in an XML document. For example, password is set as authentication information, and the attribute value in each tag is set in the procedure as shown in FIG.
In step S315, the confidential information is converted into hidden characters and stored in the XML document. For example, by setting the confidential information set in the element of the tag security to “******”, the data described in this element is made invisible.

In step S316, the confidential information and the authentication information are made invisible watermark data and embedded in the image data to generate document data with image data.
(Use of document data)
FIG. 59 shows a flowchart when using document data using encrypted and invisible watermark data.

In step S321, the document use application is activated. In order to analyze the structured document, an application such as an XML parser is started to prepare for document use.
In step S322, the elements and attributes in the tag are detected. Here, the structure of the structured document is analyzed, and the elements and attributes described in the tags are analyzed.
In step S323, authentication information described as an element or attribute in the tag is detected.

In step S324, invisible watermark data embedded in the image data is extracted, and authentication information included in the watermark data is detected.
In step S325, the authentication information detected from the element or attribute in the tag is compared with the authentication information extracted from the image data and verified.
In step S326, if the authentication information detected from the element or attribute in the tag matches the authentication information extracted from the image data, the process proceeds to step S327. If the authentication information does not match, the process proceeds to step S328. Transition.

In step S327, the confidential information embedded in the image data as invisible watermark data is extracted and displayed.
In step S328, the content of the confidential information is displayed in hidden characters.
(Encryption, invisible watermark, signature information)
FIG. 60 shows an example of a tag sp when embedding secret information and signature information encrypted as image information sp. In this example, the configuration is almost the same as demo.xml of FIG. 55, and the configuration shown in (4) is added.

A flowchart of the processing in this case is shown in FIG.
In step S331, an attribute info_type that defines information stored in the watermarked image data in the security tag is set. Here, similarly to step S303 in FIG. 57, an attribute value 'secret' indicating confidential information and an attribute value 'authentication' indicating that authentication information is stored in the image specified by mark_file are set. At the same time, an attribute value 'sign' indicating that the signature information is stored in the image specified by mark_file is set.

In step S332, the attribute sign_target for defining the signature range is set. Here, the attribute value “all” set in the attribute sign_target indicates that the information to be signed is all elements of the XML document.
In step S333, other tag elements are set in the same manner as the tag elements shown in FIG.
(Generation of document data with encrypted data and signature information)
FIG. 62 shows a flowchart for generating document data using encrypted data and signature information as invisible watermark data.

In step S341, the definition of the document analysis process is defined, the contents of the digitized data that is the document data are registered, and preparation for generating a structured document is performed.
In step S342, the document generation application is activated. For example, an XML parser is started to start generating a structured document.
In step S343, processing similar to that in steps S313 to S315 in FIG. 58 is executed.

Step S344 performs digital signature processing of the designated element. Here, one-way function processing such as a hash function is executed on all elements of the XML document to generate signature information.
In step S345, the signature range information and the signature information are embedded as invisible watermark data in the image data to generate document data with image data.
(Use of document data with encrypted data and signature information)
FIG. 63 shows a flowchart when using document data having encrypted data and signature information.

In step S351, the document use application is activated. In order to analyze the structured document, an application such as an XML parser is started to prepare for document use.
In step S352, elements and attributes in the tag are detected. Here, the structure of the structured document is analyzed, and the elements and attributes described in the tags are analyzed.
In step S353, verification processing using authentication information similar to steps S323 to S328 in FIG. 59 is performed.

In step S354, signature information of the target document specified in the tag sp of the document data is generated. Here, the hash value of each designated element is calculated.
In step S355, signature information embedded as watermark data in the image data is extracted.
In step S356, verification processing is performed by comparing the signature information generated from the document data with the signature information extracted from the watermark data.

In step S357, if the signature information generated from the document data matches the signature information extracted from the watermark data, the user is allowed to use the document data. If the signature information does not match, the process proceeds to step S358. .
In step S358, error processing is executed. For example, the error process may be a process of displaying that the signature information does not match, urging the user to give a warning, or notifying the administrator.

(Encryption and visible watermark)
FIG. 64 shows an example of document data tag sp in which visible watermark data is embedded as image information sp to prevent unauthorized use.
FIG. 65 shows a flowchart for defining an XML document as shown in FIG.
In step S361, a tag is set. Here, <security> for defining security processing and <mark_file> for defining the target image are set as tags in the tag sp.

In step S362, an attribute wm_remove for defining removal information of visible watermark data in the security tag is set. Here, '@password' set as the attribute value of the attribute wm_remove defines the removal information of visible watermark data 'FJ' (information entered by password is encrypted).
In step S363, the attribute security_method that defines the security type in the security tag is set. The attribute value “visible_watermark_f” set here indicates that it is visible watermark data of the Fujitsu Limited specification.

In step S364, an attribute v_wm that defines information of visible watermark data in the mark_file tag is set. Here, 'FJ' set as the attribute v_wm indicates that the visible watermark data is 'FJ'.
In step S365, other tag elements and attributes are set in the same manner as the document data in FIG.

(Document data generation)
FIG. 66 shows a flowchart for generating document data using encrypted data and visible watermark data.
In step S371, the definition of the document analysis processing is registered, and the contents of the digitized data to be document data are registered, and preparation for generating a structured document is made.

In step S372, the document generation application is activated. For example, an XML parser is started to start generating a structured document.
In step S373, visible watermark data and image data to be embedded are designated.
In step S374, authentication information is set, and watermark related information is stored in the XML document. For example, password is set as authentication information, and the attribute value in each tag is set in the procedure as shown in FIG.

In step S375, visible watermark data is embedded in the image data to generate document data with image data.
(Use of document data)
FIG. 67 is a flowchart for using document data using encrypted data and visible watermark data.

In step S381, the document use application is activated. In order to analyze the structured document, an application such as an XML parser is started to prepare for document use.
In step S382, the elements and attributes in the tag are detected. Here, the structure of the structured document is analyzed, and the elements and attributes described in the tags are analyzed.
In step S383, authentication information described as an element or attribute in the tag is detected.

In step S384, authentication information input by the user is received.
In step S385, the authentication information detected from the element or attribute in the tag is compared with the input authentication information for verification.
In step S386, if the authentication information detected from the element or attribute in the tag matches the input authentication information, the process proceeds to step S387, and if not, the process proceeds to step S388.

In step S387, visible watermark data is removed and image data is displayed.
In step S388, image data is displayed with information in which visible watermark data is embedded.
(Document usage control)
An example in the case of controlling the use of a document for the purpose of rights protection is shown in FIG.

In the server 900 on the administrator side, a database in which a plurality of documents 901 are managed is constructed. Each document 901 includes a structured document (XML document) 902, a style sheet (XSL document) 903, and image data 904 including confidential information as a digital watermark.
In the user computer 950 on the user side, application software for using the document 901 managed by the server 900 on the administrator side is installed, and document search / download and use of the document are performed using this application. .

The user computer 950 performs user registration with the user registration organization 920 in order to use the documents in the database of the server 900. Here, the user's personal information or the like is transmitted to the user registration organization 920, and a notification of user information is transmitted from the user registration organization 920 to the administrator's server 900.
The user computer 950 accesses the server 900 on the administrator side through the Internet network, public line network, or other network, and performs document search processing. In this case, for example, the search can be performed using an existing search engine or the like, and the search can be performed by a search engine prepared in the server 900.

The server 900 notifies the user computer 950 of the search result based on the category, keyword, etc. notified from the user computer 950. This search result notification is displayed so that it can be recognized by the user by the browser of the user computer 950 or the like.
When a document that the user desires to use is selected from the search result notification displayed on the user computer 950 side, the file designation information is transmitted to the server 900.

The server 900 generates image data 904 corresponding to the user based on the user information notified from the user registration organization 920 based on the file designation information transmitted from the user computer 950, and the document 901 is stored in the user 901. Send to computer 950.
The user computer 950 performs an authentication process by inputting a password and other user authentication information. As a result of the authentication process, when the user cannot be normally authenticated, the confidential information portion is displayed in a hidden character such as an asterisk.

Further, when the user can be normally authenticated, confidential information is acquired. For example, confidential information embedded as a digital watermark in the image data 904 is taken out and decrypted if it is encrypted.
When the confidential information can be acquired normally, the confidential information is displayed by combining with the document data.

For example, as shown in FIG. 71, the structured document 902 in the database managed by the server 900 is stored information indicating the location of the original information embedded as the digital watermark restoration information 905 and the invisible digital watermark. Consider the case of a configuration including 906.
In this case, the document 901 transmitted to the user computer 950 based on the file designation information from the user side includes the structured document 902, the style sheet 903, and the image data 904 in which the confidential information is embedded as a digital watermark. Contains. In the user computer 950, there is a display document 970 including an image display unit 972 for displaying image data including original information of confidential information as a digital watermark and a confidential information display unit 971 for displaying original information of hidden characters or confidential information. Will be displayed.

When the user authentication fails, the hidden information display portion 971 of the display document 970 displays a hidden character display 973 as shown in FIG. If the user authentication is successful, the secret information display unit 971 of the display document 970 displays the original information 974 as shown in FIG.
When configured in this way, it can be configured to display the original information of the confidential information only to legitimate users, and it is possible to protect the rights of the copyright holder and those who have the right to distribute documents. . Even after downloading to the user computer 950 on the user side, it can be configured to perform user authentication each time a document is used. It is possible to reduce the loss of profits of distribution rights holders.

[Obtain usage control information from printed matter]
A data management apparatus for using an image in which usage control information is embedded as an invisible watermark as electronic data using a digital camera or an image scanner will be described.
FIG. 74 is a functional block diagram showing a simplified configuration of the data management apparatus.

  The data management apparatus includes an image input unit 1001 for acquiring digitized data, an image analysis unit 1002 that analyzes the digitized data captured from the image input unit 1001 and extracts usage control information, and an image analysis unit. An information management unit 1003 that acquires document data composed of text data, image data, music data, and other digitized data corresponding to the usage control information extracted in 1002, and the document data acquired by the information management unit 1003 An XML document generation unit 1004 that generates a structured document based on the above.

The image input unit 1001 acquires digitized data obtained by converting an image with usage control information embedded as an invisible watermark by a digital camera, an image scanner, or the like.
The image analysis unit 1002 extracts information elements from the digitized data acquired by the image input unit 1001 and extracts usage control information. For example, the analysis processing of each electronic data is executed in the procedure shown in FIG. To do.

First, the element separation function unit 1021 executes element separation processing on the acquired digitized data into image data 1022 such as a picture or a photograph and text data 1023 including control information for extracting a watermark.
The separated text data 1023 is analyzed by the text analysis function unit 1024 to extract control information 1025 for extracting a watermark. The text information 1023 is converted into an XML document by the XML document function unit 1026 in order to generate a structured document.

The watermark extraction function unit 1027 extracts watermark information 1028 from the image data 1022 using the watermark extraction control information 1025 extracted from the text data 1023.
The watermark information 1028 extracted from the image data 1022 is analyzed by the watermark information analysis function unit 1029. The watermark information 1028 includes data usage restrictions, website address information to be linked, and other usage control information.

The information management unit 1003 acquires document data composed of text data, image data, music data, and other digitized data corresponding to the usage control information in the watermark information 1028. For example, Data processing is executed according to the procedure shown in FIG.
Based on the usage control information extracted by the image analysis unit 1002, the usage information analysis function unit 1031 acquires document data including corresponding text data, image data, music data, and other digitized data.

For example, when the usage control information includes data related to usage restrictions, the user can be authenticated and the usage restrictions can be configured based on the authentication result.
Also, if the usage restriction information includes the address information of the linked website, access to the corresponding website is executed, and the text data, image data, and music data contained therein are included. Get document data such as.

The XML data generation function unit 1032 sets TAG and attribute values for the document data acquired by the usage information analysis function unit 1031 to generate structured document data. For each document data acquired from the website, a TAG or attribute value table is created with reference to the form number and stored in the attribute value database 1034.
In the link designation function unit 1033, when link information is further added to document data acquired from a website or the like, the link information is acquired and used as structured document data, and the link information database 1035 stores this link information. Store the data.

  The XML document generation unit 1004 generates an XML document based on the XML data generated by the information management unit 1003. If the XML data generated by the information management unit 1003 includes information elements 1 such as information 1 composed of image data, information 2 composed of text data, and information 3 as shown in FIG. A structured document as shown in FIG.

FIG. 78 shows a processing flow for generating image data in which usage control information is embedded as an invisible watermark.
In step S401, input of image data, text data, or the like that is the basis of the output image data is received.
In step S402, the structuring process of each data received in step S401 is executed. Here, the arrangement and configuration of each data are determined, and the structure of the output image data is determined. At this time, in step S403, usage control information is generated, and processing for embedding it as an invisible watermark in the image data is executed.

In step S404, watermark extraction control information for extracting usage control information embedded in the image data as an invisible watermark is generated. Here, position information indicating where the watermark information is embedded in the image data, watermark type information, watermark version information, and the like are generated as watermark extraction control information.
In step S405, the image data is synthesized based on each structured data and the generated watermark extraction control information, and the final image data is output.

  The image data generated in this way is distributed as a printed material, for example, printed on paper using a printer or the like. The distributed image data on the printed matter can be captured as digitized data by a digital camera or an image scanner, and various data corresponding to the usage control information can be used. FIG. 79 shows a processing flow of the document management apparatus when using data.

In step S411, the image input unit 1001 acquires image data. As described above, image data distributed as a printed material can be captured as digitized data by a digital camera, an image scanner, or the like, and the digitized data can be acquired by the image input unit 1001.
In step S412, the element separation function unit 1021 of the image analysis unit 1002 separates the image data 1022 and the text data 1023.

In step S413, analysis processing of the separated image data 1022 and text data 1023 is executed. Here, the text analysis function unit 1024 analyzes the text data 1023 and extracts control information for watermark extraction.
In step S414, the invisible watermark embedded in the image data is extracted based on the extracted watermark extraction control information, and usage control information is acquired.

In step S415, various data corresponding to the usage control information is acquired, and an XML structured document is generated based on the acquired data.
In this embodiment, an XML document is adopted as the structured document, but HTML and other structured documents can be adopted.

<Appendix>
(Appendix 1)
Structure in which an identifier is set for each of a plurality of information items for document data composed of text data, image data, music data, and other electronic data, and content information for each information item is stored in the identifier A document distribution method,
(A) generating usage control information necessary for using the document data, and separating the usage control information into first usage control information and second usage control information that are complementary to each other;
(B) designating specific data as management information storage data, and embedding the first usage control information in the management information storage data;
(C) setting a management identifier for setting the management information storage data in which the first usage control information is embedded as an information item in the document data;
(D) Content information of management information storage data in which the first usage control information is embedded in the management identifier, and first usage control information is extracted from the management information storage data, and the first usage control is extracted. Storing second usage control information for generating usage control information for using document data together with the information;
Document distribution method including

(Appendix 2)
The management information storage data includes computerized data such as image data or music data, and in the step B, the first usage control information is used as watermark data that cannot be visually or audibly recognized. The document distribution method according to attachment 1, wherein the document distribution method is embedded in data.

(Appendix 3)
The management information storage data includes computerized data such as image data or music data. In the stage B, the management information storage data is data that can be visually or audibly recognized as the first usage control information. The document distribution method according to appendix 1, wherein the document distribution method is stored in the document.

(Appendix 4)
The management information storage data includes a first data portion and a second data portion made of digitized data such as image data or music data, and the first usage control information is encrypted in step B. Watermark data that generates usage control information, stores the encrypted usage control information in the second data unit, and cannot visually or audibly recognize the encryption key information when the encrypted usage control information is generated The document distribution method according to claim 1, wherein the document distribution method is embedded in the first data portion.

(Appendix 5)
The second usage control information includes range designation information for designating a falsification prevention range of the document data, data type information of digitized data in which the watermark data is embedded, and a control type indicating an information type of the first usage control information Information, access policy information for digitized data included in the document data, watermark control information for converting the first usage control information into watermark data, and a data name of the first usage control information The document distribution method according to any one of appendices 1 to 4.

(Appendix 6)
The first usage control information includes the file format of image data or music data including at least one of image data, music data, encryption / authentication / signature related data, and a control program. Document distribution method described in any one.
(Appendix 7)
Any one of appendices 1 to 6, further comprising the step of duplicating information content stored in the management identifier to generate duplicate information and embedding the duplicate information in the management information storage data as a digital watermark The document distribution method described.

(Appendix 8)
Extracting the digitized data included in a predetermined range from the digitized data in the document data as confidential information, replacing the confidential information with other display information as the management information storage data, The document distribution method according to any one of appendices 1 to 7, wherein confidential information is stored in the management information storage data.

(Appendix 9)
The document distribution method according to appendix 8, wherein the confidential information is embedded in the management information storage data as watermark data that cannot be recognized visually or auditorily.
(Appendix 10)
The document distribution method according to appendix 8, wherein the confidential information is encrypted and stored in the management information storage data.

(Appendix 11)
Additional notes 1 to 10, wherein a signature value of digitized data included in a predetermined range of the digitized data in the document data is calculated, and the signature value is stored in the management information storage data. Document distribution method described in any one.
(Appendix 12)
Structure in which an identifier is set for each of a plurality of information items for document data composed of text data, image data, music data, and other electronic data, and content information for each information item is stored in the identifier A document data generation device comprising:
Usage control information generating means for generating usage control information necessary for using the document data;
First management information storage means for designating specific data as management information storage data and storing first usage control information constituting a part of the usage control information in the management information storage data;
A document structure generating means for setting an identifier for each information item in the digitized data included in the document data, and storing content information for each information item in the identifier;
A management identifier for setting the management information storage data as an information item in the document data is set, and the second usage control information constituting the usage control information complementarily with the first usage control information is managed. Second management information storage means for storing the content information of the identifier for use;
A document data generation apparatus comprising:

(Appendix 13)
Structure in which an identifier is set for each of a plurality of information items for document data composed of text data, image data, music data, and other electronic data, and content information for each information item is stored in the identifier A document data utilization device,
Document structure analysis means for analyzing the document structure of the distributed document data;
Second usage control information extracting means for extracting second usage control information in the management identifier included in the document data;
Document data utilization means for utilizing the document data based on the second utilization control information and the first utilization control information in the management information storage data included in the document data;
An apparatus for using document data.

(Appendix 14)
Structure in which an identifier is set for each of a plurality of information items for document data composed of text data, image data, music data, and other electronic data, and content information for each information item is stored in the identifier A program for causing a computer to execute a document distribution method,
(A) generating usage control information necessary for using the document data, and separating the usage control information into first usage control information and second usage control information that are complementary to each other;
(B) designating specific data as management information storage data, and embedding the first usage control information in the management information storage data;
(C) setting a management identifier for setting the management information storage data in which the first usage control information is embedded as an information item in the document data;
(D) Content information of management information storage data in which the first usage control information is embedded in the management identifier, and first usage control information is extracted from the management information storage data, and the first usage control is extracted. Storing second usage control information for generating usage control information for using document data together with the information;
Document distribution method program including

(Appendix 15)
(A) obtaining information embedded with use control information as watermark data that cannot be visually or auditorily recognized as digitized data;
(B) extracting the usage control information from the digitized data;
(C) obtaining document information of document data composed of specific text data, image data, music data, and other digitized data corresponding to the usage control information;
(D) setting an identifier for each of a plurality of information items for the document information, and generating a structured document that stores content information for each information item in the identifier;
Document management method.

(Appendix 16)
16. The document management method according to appendix 15, wherein an image in which usage control information is embedded as an invisible watermark that cannot be visually recognized is converted into digitized image data.
(Appendix 17)
17. The document management method according to appendix 15 or 16, wherein the usage control information is a link address on a website accessible via the Internet.

(Appendix 18)
Data acquisition means for acquiring information embedded with use control information as watermark data that cannot be visually or audibly recognized as digitized data;
Usage control information extraction means for extracting usage control information from the digitized data acquired by the data acquisition means;
Document information acquisition means for acquiring document information of document data composed of specific text data, image data, music data, and other electronic data corresponding to the usage control information extracted by the usage control information extraction means;
Structured document generating means for setting an identifier for each of a plurality of information items with respect to the document information acquired by the document information acquiring means, and generating a structured document for storing content information for each information item in the identifier;
A document management apparatus comprising:

(Appendix 19)
The document management apparatus according to appendix 18, wherein the data acquisition unit acquires digitized data obtained by converting an image in which use control information is embedded as an invisible watermark that cannot be visually recognized by a digital camera or an image scanner.
(Appendix 20)
20. The document management apparatus according to appendix 18 or 19, wherein the usage control information is a link address on a website accessible on the Internet.

(Appendix 21)
(A) obtaining information embedded with use control information as watermark data that cannot be visually or auditorily recognized as digitized data;
(B) extracting the usage control information from the digitized data;
(C) obtaining document information of document data composed of specific text data, image data, music data, and other digitized data corresponding to the usage control information;
(D) setting an identifier for each of a plurality of information items for the document information, and generating a structured document that stores content information for each information item in the identifier;
A program for causing a computer to execute a document management method including:

  According to the present invention, it is possible to detect an unauthorized person such as authentication and falsification of a document creator with respect to a paper document, and it is possible to detect the presence of authentication and falsification even when exchanging a document with a printed matter.

The functional block diagram of a data preparation apparatus. The functional block diagram of a data utilization apparatus. An explanatory diagram of a structured document. Explanatory drawing which shows the structure of tag sp. Explanatory drawing which shows the structure of tag sp. Explanatory drawing which shows the information classification stored as an element of tag sp. Explanatory drawing which shows the information classification stored as an attribute of tag sp. Explanatory drawing of the data format stored as an element or attribute of tag sp. Explanatory drawing which shows the data format of image information sp. The flowchart of document data generation. The flowchart of document data utilization. The flowchart of document data generation. The flowchart of document data utilization. The flowchart of document tag generation. The flowchart of document tag utilization. The flowchart of document tag generation. The flowchart of document tag utilization. Explanatory drawing which shows the classification of an access policy. The flowchart of document tag generation. The flowchart of document tag utilization. The flowchart which shows the classification of route information. The flowchart of document data generation. The flowchart of document data utilization. The flowchart of document data generation. The flowchart of document data utilization. Explanatory drawing which shows the classification of the image data used as an encryption image. Explanatory drawing of encryption image generation and utilization. The flowchart of document data generation. The flowchart of document data utilization. The flowchart of data storage of image information sp. The flowchart of data storage of image information sp. The flowchart of data storage of image information sp. The flowchart of data storage of image information sp. The flowchart of the data conversion of the image information sp. The flowchart of the decoding process of image information sp. The flowchart at the time of confidential information verification. The flowchart at the time of confidential information verification. The flowchart at the time of signature information verification. The flowchart at the time of signature information verification. Explanatory drawing which shows the information classification of the data stored in image information sp. Explanatory drawing which shows the display image of image information sp. The flowchart at the time of registration of OS registration image. The flowchart at the time of utilization of OS registration image. The control block diagram of the information management using OS registration image. The flowchart of document data generation. Explanatory drawing which shows the structure of document data. Explanatory drawing which shows the format of the image data stored in image information sp. The flowchart of document data utilization. Explanatory drawing which shows the digitization management process of a paper document. Explanatory drawing which shows the management process of an electronic document. Illustration of electronic library service. Explanatory drawing which shows the management information used for an electronic library service. Explanatory drawing which shows an example of the document data with which management information was embedded. Explanatory drawing which shows the example of mounting a security function. Explanatory drawing which shows an example of the tag sp described in an XML document. Explanatory drawing which shows an example of an XSL style sheet. Flowchart of document type definition. The flowchart of document data generation. The flowchart of document data utilization. Explanatory drawing which shows an example of the tag sp described in an XML document. Flowchart of document type definition. The flowchart of document data generation. The flowchart of document data utilization. Explanatory drawing which shows an example of the tag sp described in an XML document. Flowchart of document type definition. The flowchart of document data generation. The flowchart of document data utilization. Flow chart of electronic library service. Explanatory drawing of the example which reflects the authentication information of a digitized document on a paper document. Explanatory drawing of the example which performs utilization control of a document. Explanatory drawing of the security example of an XML document. Explanatory drawing of the example of a display based on the result of user authentication. Explanatory drawing of the example of a display based on the result of user authentication. The functional block diagram which shows schematic structure of the document management apparatus which utilizes data from the printed matter etc. in which watermark data was embedded. The functional block diagram of an image analysis part. The functional block diagram of an information management part. Explanatory drawing which shows the structural example of the XML document produced | generated. 6 is a flowchart showing a process for generating data such as printed matter in which watermark data is embedded. 6 is a flowchart showing processing for generating an XML document from a printed material in which watermark data is embedded.

Claims (4)

A range that is subject to usage restriction among the document data input from the data input unit in order to perform usage restriction on document data composed of text data, image data, music data, and other electronic data , A document distribution method executed by a document data generation apparatus that generates usage control information based on the document data and distributes it together with the document data as a structured document, wherein the document data generation apparatus includes:
(A) Generating first usage control information used for encryption of the document data, user authentication of the document data , or signature of the document data for the range subject to the usage restriction in the document data And the stage of
(B) receiving an instruction to set specific data of the document data as management information storage data, and embedding the first usage control information as invisible data in the management information storage data;
(C) setting a management tag for setting the management information storage data in which the first usage control information is embedded as an information item in the structured document;
(D) A data type indicating whether the first usage control information embedded in the management information storage data is data used for encryption, user authentication or signature , and the first usage control information is used for encryption. Either an encryption type indicating an encryption method in the case of data , or an authentication algorithm when the first usage control information is data used for user authentication, an expiration date of use of the document data, and the number of uses Or describing second usage control information including access policy information regarding processing authority for user document data as element contents or attribute values of a management tag;
Document distribution method that executes.   The management information storage data includes computerized data such as image data or music data, and in the step B, the first usage control information is used as watermark data that cannot be visually or audibly recognized. The document distribution method according to claim 1, wherein the document distribution method is embedded in data. A structured document that generates usage control information for restricting the use of document data composed of text data, image data, music data, and other electronic data, and distributes the structured data together with the document data. A data generator,
A data input unit that accepts an input about a range subject to usage restriction in the document data in order to generate the usage control information;
Of the document data, the first usage used for encryption of the document data, user authentication of the document data , or signature of the document data for a range subject to usage restriction received from the data input unit. control information, and the first usage control information encryption, user authentication or signature data type indicating whether the data used in any encryption when the first access control information is data used in the encryption method and one of the authentication algorithm for encryption type indicates the or a first usage control information, is data for use in user authentication, the expiration date of use of the document data, for usage number or the user of the document data, and usage control information generation unit for generating a second access control information, including the information of the access policy processing authority,
A first management information storage unit that accepts an instruction to set specific data out of the document data as management information storage data, and embeds the first usage control information as invisible data in the management information storage data;
Second management information that sets a management tag for setting the management information storage data as an information item in the structured document and describes the second usage control information as an element content or an attribute value of the management tag Storage means;
A document data generation apparatus comprising: A range that is subject to usage restriction among the document data input from the data input unit in order to perform usage restriction on document data composed of text data, image data, music data, and other electronic data , A program for a method of generating usage control information based on the document data and distributing it as a structured document together with the document data,
(A) Generating first usage control information used for encryption of the document data, user authentication of the document data , or signature of the document data for the range subject to the usage restriction in the document data And the stage of
(B) receiving an instruction to set specific data of the document data as management information storage data, and embedding the first usage control information as invisible data in the management information storage data;
(C) setting a management tag for setting the management information storage data in which the first usage control information is embedded as an information item in the structured document;
(D) A data type indicating whether the first usage control information embedded in the management information storage data is data used for encryption, user authentication or signature , and the first usage control information is used for encryption. Either an encryption type indicating an encryption method in the case of data , or an authentication algorithm when the first usage control information is data used for user authentication, an expiration date of use of the document data, and the number of uses Or describing second usage control information including access policy information regarding processing authority for user document data as element contents or attribute values of a management tag;
A program for causing a computer to execute a document distribution method including:

Images