JP4924269B2 - Operation restriction management system and program - Google Patents

Description

  The present invention relates to an operation restriction management system and a program.

  There is a technology that ensures the confidentiality of documents by setting policy information based on the security policy for documents such as electronic information generated using a given application or electronic information generated by a multifunction device. When doing so, only the operation indicated by the set policy information is possible. For example, in order to perform a printing operation with policy information, it is necessary to set printing authority.

  When synthesizing or deriving documents having such policy information set, the policy information may be inherited or newly set.

  In the prior art disclosed in Patent Document 1, when one binder document is created from a plurality of original electronic documents and the access right of the binder document is changed, the access right of the original electronic document is the same. The technology to change is shown.

In other words, the prior art disclosed in Patent Document 1 is a technique that allows the access rights of the original document and the generated binder document to be changed at the same time when the binder document is generated.
JP 2006-268464 A

  SUMMARY OF THE INVENTION An object of the present invention is to provide an operation restriction management system and program for changing operation restrictions of related documents related to a document by changing operation restrictions set for the document.

  In order to achieve the above object, the invention of claim 1 is an operation restriction information storage means for storing operation restriction information for restricting operation of a document, and operation restriction by the operation restriction information stored in the operation restriction information storage means. Operation history management means for managing the operation history of the document to be performed, and when the operation restriction information stored in the operation restriction information storage means is changed, the operation history of the corresponding document managed by the operation history management means is used. Related document search means for searching for related documents related to the document, and operation restriction information changing means for changing the operation restriction information set in the related documents searched by the related document search means to the operation restriction information after the change. It is characterized by comprising.

  According to a second aspect of the present invention, in the first aspect of the invention, the operation history management means operates by changing the operation restriction information of the document and a related document related to the document by the operation restriction information changing means. It is managed as a history.

  The invention according to claim 3 is the invention according to claim 1 or 2, wherein the operation history management means records related identification information on one or more related documents related to the document in the operation history of the document. The related document search means searches for the related document related to the document using the related identification information indicated by the operation history of the document managed by the operation history management means. To do.

  The invention according to claim 4 is the invention according to claim 1 or 2, wherein the related document search means searches for the related document from documents within a specified search range.

  The invention of claim 5 further comprises operator authentication means for authenticating an operator who operates a document whose operation is restricted by the operation restriction information in any of the inventions of claims 1 to 4, wherein the operation The restriction information changing means changes the operation restriction information of the related document related to the document to the operation restriction information of the document by the operator authenticated by the operator authentication means.

  The invention according to claim 6 is the invention according to any one of claims 1 to 5, wherein the document and the related document are printed matter on which identification information is printed, and the operation restriction information storage means is the identification information. Operation restriction information is stored for the information.

  According to the seventh aspect of the present invention, the computer restricts the operation by the operation restriction information storage means for storing the operation restriction information for restricting the operation of the document and the operation restriction information stored in the operation restriction information storage means. When the operation history management means for managing the operation history of the document and the operation restriction information stored in the operation restriction information storage means are changed, the operation history of the corresponding document managed by the operation history management means is used to Related document search means for searching related documents related to the document, and operation restriction information changing means for changing the operation restriction information set in the related documents searched by the related document search means to the operation restriction information after the change It is characterized by that.

  According to the first aspect of the present invention, when the operation restriction information set in the document is changed, a related document related to the document whose operation restriction information is changed is searched from the operation history, and the policy information of the related document is obtained. This also has the effect of making it possible to change both at the same time.

  Further, according to the second aspect, the documents can be related even in the operation of changing the operation restriction information of the document, and the operation restriction information of the related document related to the document can be obtained by changing the operation restriction information of the document. Will also be able to change.

  Further, according to the third aspect, there is an effect that related documents related to the document can be searched at higher speed.

  According to the fourth aspect of the present invention, it is possible to prevent the operation restriction information of an unintended document from being changed when the policy information of the related document is changed due to the change of the operation restriction information. Play.

  According to the fifth aspect of the present invention, it is possible to ensure higher safety when changing the operation restriction information.

  Further, according to the sixth aspect, there is an effect that it is possible to change the operation restriction information set for the identification information for identifying the printed matter.

  According to the seventh aspect of the present invention, when the operation restriction information set in the document is changed, a related document related to the document whose operation restriction information is changed is searched from the operation history, and the policy information of the related document is obtained. Also has the effect that it can be changed at the same time.

  Hereinafter, an example of an operation restriction management system and a program according to an embodiment of the present invention will be described in detail with reference to the accompanying drawings.

  FIG. 1 is an example of a system configuration diagram of an operation restriction information management system configured by applying an operation restriction management system and a program according to an embodiment of the present invention.

  In FIG. 1, the operation restriction information management system includes a policy server 100, a log management server 200, and a client PC 300, and changes policy information that is operation restriction information set in a document based on a predetermined security policy. Thus, the policy information of other documents related to the document (hereinafter referred to as “related documents”) can be similarly changed.

  The security policy indicates a policy and norm for eliminating risk factors and ensuring confidentiality of a document. In order to realize confidentiality by the security policy, the policy server 100 manages based on the security policy. The policy information to be associated is set (set) to the document.

  There are encryption functions and operation management functions as security policies for preventing information leakage and unauthorized access, and policy information specifies the security level of these functions.

  The policy server 100 has a user authentication function for authenticating a user who is an operator of a document by a combination of a user ID and a password, and for document identification information (hereinafter referred to as “document ID”) for identifying a document. Manages policy information set for the document. The policy server 100 also manages a decryption key for decrypting a document encrypted by the security policy encryption function in association with the document ID.

  Of course, a separate authentication server (not shown) is provided, and by transmitting a user authentication request from the policy server 100 to the authentication server, user authentication is performed using operator information managed by the authentication server. The configuration may be such that the authentication result is transmitted to the requesting policy server 100.

  A document for which policy information is set is a document that has been encrypted or restricted by the encryption function or operation management function. This document will be referred to as a “security document” hereinafter. Operation is possible by satisfying the set policy information.

  The client PC 300 performs predetermined operations such as browsing, editing, and printing on the security document in which the policy information is set. In these operations, in order to authenticate a user who is an operator, user information is transmitted to the policy server 100 to make an authentication request. Authentication by the policy server 100 enables a predetermined operation of the security document.

  At this time, the client PC 300 receives from the policy server 100 a list of operation contents permitted for the security document and a decryption key for decrypting the encrypted security document. This composite key corresponds to an encryption key used in an encryption algorithm for encrypting a document, and is information used to decrypt a document encrypted using the encryption key.

  Subsequently, the client PC 300 decrypts the security document using the received decryption key, and performs operations such as browsing and editing on the decrypted document. After that, when the operation is completed, a document ID for identifying the document after the operation is generated, and a “traceable ID” that can trace the process from the security document before the operation to the document with the document ID is generated. And registered in the log management server 200 together with the operation content.

  This document ID is identification information newly generated when an editing operation or the like for changing the document content of the security document is performed, and a new document ID for an operation that does not change the document content itself such as browsing. Is not generated, and in this case, only a traceable ID is generated. That is, the traceable ID is generated in any operation and set in the document.

  When a new document is generated by an editing operation or the like, the policy information set in the document before the editing operation is set as the policy information of the document. Of course, the user can select other policy information managed by the policy server 100 using the client PC 300, and the selected policy information can be set in the edited document.

  The log management server 200 manages operation history information (log information) that shows the history of operation contents for a security document in series. The log information managed by the log management server 200 includes a document ID for identifying a document to be operated, information on a user who has operated the document with the document ID, a traceable ID of the document before the operation, and a traceable ID of the document after the operation. And a related document related to a document that records an operation history can be searched. In the present invention, the retrieval of the related document indicates that the document is specified by the document ID.

  The log management server 200 manages an operation history for operations such as editing, browsing, printing, and the like that do not change the document content itself. In this case, as described above, a new document ID is not generated, and only a traceable ID is generated and managed as an operation history.

  When the operation source document is set as a “parent document” by the client PC 300, a new document generated by operating the parent document becomes a “child document”.

  By constructing the hierarchical structure of the parent-child relationship, the document (parent document) from which the generated document (child document) is derived can be specified, and the document (child document) generated from the source document (parent document) ) Can be specified. These parent-child relationships are indicated by “traceable ID” set in the document.

  In this embodiment, an example in which a request for changing policy information set in a document is issued from the client PC 300 and the policy server 100 collectively or selectively changes the policy information of the document and related documents based on the change request. However, the present invention is not limited to this, and the client PC 300 may receive the changed policy information from the policy server 100 to perform a process for changing the policy information collectively.

  In the operation restriction information management system having such a configuration, when the client PC 300 makes a request for changing the policy information set in the security document to be operated, the change request is transferred to the policy server 100. The policy server 100 that has received the policy information change request requests the log management server 200 for a list of related documents related to the security document, and is requested to change the policy information of the related documents indicated in the received list of related documents. The policy information included in the change request is changed together with the policy information of the selected document.

  In this embodiment, an example is shown in which a security document is created according to the security policy of the encryption function and the operation management function, and the policy server 100 encrypts the security document by the encryption function when the security document can be operated by user authentication. A decryption key for decrypting the encrypted security document and a list of operation contents managed by the operation management function are transmitted to the client PC 300 that is the operation source.

  The client PC 300 decrypts the security document with the received decryption key and performs an operation based on the operation authority by the operation management function. When the change of policy information is permitted by the operation authority, the policy information change request from the client PC 300 to the policy server 100 is transmitted.

  Upon receiving the policy information change request from the client PC 300, the policy server 100 sends a search request for a related document related to the requested document to the log management server 200, and the log management server 200 changes the management history to the document. A related related document is searched, and a list of the related documents is transmitted to the policy server 100 of the request source.

  The policy server 100 changes the policy information of the related document shown in the list to the policy information designated by the client PC 300.

  A detailed functional configuration of the operation restriction information management system having such a configuration is shown in FIG. 2 and will be described below.

  FIG. 2 is a block diagram showing a functional configuration of the operation restriction information management system in the embodiment of the present invention.

  2, the operation restriction information management system includes a display operation unit 201, an operation control unit 202, an identification information generation unit 203, an authentication unit 204, a user information management unit 205, a policy control unit 206, a policy storage unit 207, and a document information storage. Unit 208, security information registration unit 210, history control unit 211, history recording unit 212, and history storage unit 213.

  In the system configuration diagram of FIG. 1, a display operation unit 201, an operation control unit 202, and an identification information generation unit 203 are realized by a client PC 300, an authentication unit 204, a user information management unit 205, a policy control unit 206, a policy storage unit 207, An example is shown in which the document information storage unit 208 and the security information registration unit 210 are realized by the policy server 100, and the history control unit 211, the history recording unit 212, and the history storage unit 213 are realized by the log management server 200.

  The display operation unit 201 is a user interface and includes a keyboard, a pointing device, a display display, and the like. When policy information based on a security policy is specified for a document (non-security document) for which policy information is not set using the display operation unit 201, the specified policy information is set from the display operation unit 201 to the operation control unit 202. Make a setting request.

  At this time, as an example of a method for specifying policy information to be set in a document, there is a method using a screen as shown in FIG. FIG. 3 will be described below.

  The operation control unit 202 performs main control of operations on the document and also controls processing related to change of policy information set in the document.

  When a policy information setting request is received from the display operation unit 201, the operation control unit 202 generates a document ID for identifying the document and a traceable ID generation request for enabling tracking of a specific document from the document operation process. To the identification information generation unit 203 to generate a security document in which designated policy information is set.

  This security document generation process is a process for ensuring confidentiality by designating the operation authority indicated by the designated policy information in the document and performing encryption using the encryption algorithm designated in the policy information.

  Subsequently, the identification information generation unit 203 that has received a generation request for identification information (document ID, traceable ID) from the operation control unit 202 generates a document ID and a traceable ID based on the generation request. The generated identification information responds to the operation control unit 202 that is a request source, and the operation control unit 202 stores the identification information and the user information in the operation recording unit 212 in order to record the contents of the operation as history information. Send information such as information and operation details.

  The operation recording unit 212 performs a process of recording an operation history managed as history information in the history storage unit 213. Information recorded in the history storage unit 213 by the operation recording unit 212 is stored in a table configuration as shown in FIG. 7, for example. This FIG. 7 will also be described below.

  By the way, in the case of processing for generating a security document by setting policy information for a document (non-security document) for which policy information is not set, new history information of the security document is registered and operation history recording is started. Therefore, the history storage unit 213 stores this operation as “registration”.

  The operation history stored in the history storage unit 213 is information controlled by the history control unit 211, and is used for searching related documents related to a document whose policy information is to be changed.

  In this way, the security information is generated by setting the policy information to the non-security document in which the policy information is not registered. In this process, the operation history is stored in the history storage unit 213.

  Hereinafter, a process for changing the policy information of a document set in the security document will be described.

  First, when user information (user ID, password) for authenticating a user who is an operator is input using the display operation unit 201, a user authentication request including the user information is transmitted to the operation control unit 202. The operation control unit 202 determines that the request is an authentication request and transfers the request to the authentication unit 204.

  The authentication unit 204 performs processing for authenticating the user using the user information managed by the user information management unit 205. When it is authenticated by this user authentication that the policy information can be changed, the authentication result is displayed on the display display of the display operation unit 201 via the operation control unit 202.

  Incidentally, authentication information (token) indicating the result of authentication is temporarily stored in a storage area which is a work area of the display operation unit, and is erased when the operation ends.

  When the change of policy information set in the security document is instructed from the display operation unit 201 in the state where the user authentication is performed as described above, the operation control unit 202 is notified of the policy information change request operation. This policy information change instruction is performed using, for example, a screen as shown in FIG.

  FIG. 6 is a diagram showing a screen for instructing change of policy information set in a document in the operation restriction information management system according to the embodiment of the present invention.

  The screen shown in FIG. 6 shows the range of documents whose existing policy information is to be changed with the policy information specified in the [policy information specification] item 601 and the [policy information specification] item 601 for specifying policy information to be set in the operated document. A [change document range specification] item 602 to be specified, an OK button 603, and a cancel button 604 are provided.

  In a [policy information designation] item 601, policy information that can be set for a document can be selected. This policy information is information stored in the policy storage unit 207 of FIG. 2, and is received via the policy control unit 206 when the display operation unit 201 displays the screen of FIG.

  [Changed document range designation] item 602 includes (1) “whole related document (including documents generated and edited by other users)”, (2) “restricted related document ( (Includes only documents created / edited by me) ”, (3)“ restricted related documents (including paper documents, only documents created / edited by me) ”, (4)“ only this document (related document policy) "Do not change)" can be selected.

  (1) When “All related documents (including documents created and edited by other users)” is selected, all documents related to the document specified as the target document whose policy information is to be changed are selected as related documents. To do. In addition, when (2) “Restricted Related Documents (including only documents created / edited by me)” is selected, among the related documents related to the document specified as the target document whose policy information is to be changed, A document operated by the user of the target document is selected as a related document. In addition, when (3) “Restricted related documents (including paper documents and only documents created / edited by myself)” is selected, the related documents related to the document specified as the target document whose policy information is to be changed are selected. Among them, a document in which a paper document is created by printing is also selected as a related document. Further, when (4) “Only this document (does not change the policy of related documents)” is selected, the related document is not selected, and the policy information of only the document designated as the target document whose policy information is to be changed is changed. To do.

  Of these four cases, the flow of processing for changing the policy information under the conditions (1) to (3) will be described below with reference to FIGS. Incidentally, in the condition (4), the process of searching for related documents is not performed, so that the flow of the process becomes unnecessary.

  When a policy information change instruction is issued from the display operation unit 201 using the screen as shown in FIG. 6, the operation control unit 202 determines that the content of the change instruction is a policy information change and performs policy control. Requests change control of policy information to the unit 206.

  The policy control unit 206 controls processing such as registration, management, and change of policy information. When a policy information change request is received from the operation control unit 202, the policy control unit 206 sends a search request for other related documents related to the requested document to the history control unit 211.

  The history control unit 211 receives a related document search request from the policy control unit 206 to search for a related document based on the policy information change condition designated by the display operation unit 201 using FIG. The related documents to be listed are sent to the policy control unit 206 as the request source.

  The history control unit 211 searches for other related documents related to a certain security document by forming a relationship between the documents from the history information stored in the history storage unit 213. This relationship can be shown by a tree structure (tree structure), for example, and an example of the tree structure is shown in FIG.

  FIG. 5 is a diagram showing the relationship of history information managed by the operation restriction information management system according to the embodiment of the present invention.

  5A is a diagram showing an example of a logical relationship between documents. In FIG. 5A, a predetermined operation (for example, an editing operation) is performed on “document A”. “Document B” and “Document C” are associated with each other as related documents. The document ID “DocID_A” is set in “Document A”, the document ID “DocID_B” is set in “Document B”, and the document ID “DocID_C” is set in “Document C”. Since different document IDs are set for the respective documents, the documents B and C indicate a state in which an editing operation or the like for changing the document content is performed on the document A.

  At this time, the document A is a “parent document”, and the documents B and C have a relationship of “child document” with the document A as a parent document.

  A traceable ID (noted as “TID”) is set between the document A and the document B, and between the document A and the document C, and “TID_1” is set as a traceable ID between the document A and the document B. “TID_2” is set as a traceable ID between the document A and the document C, and the documents are associated with each other.

  Incidentally, the document B and the document C are in a state where the same policy information as that of the document A, which is the parent document from which each document is set, is created.

  The state of policy information set for these security documents is shown in FIG.

  FIG. 5B shows a [policy ID] item 501 indicating a document ID for identifying each document, and a [policy information] item indicating policy information set in the document with the document ID specified in the [document ID] item 501. Reference numeral 502 denotes a [decryption key] item 503 indicating a decryption key for decrypting the document with the document ID in the [document ID] item 501.

  That is, the policy information “policy 1” shown in the [policy information] item 502 is set in all the documents “DocID_A, DocID_B, DocID_C” shown in the [document ID] item 501, and different decryption keys are assigned to the respective documents. The set state is shown.

  When policy information is instructed to be changed using the screen shown in FIG. 6 from the state in which the policy information is set for each document in this way, the policy information is changed based on the content of the instruction. An example of changing the policy information at this time is shown in FIG.

  FIG. 5C shows a state in which the policy information set in each security document has been changed from “policy 1” to “policy 2” in FIG. 5B. This is because any one of document A, document B, and document C is designated as a policy information change target document, and other documents related to the designated document are designated as related documents. An example of changing to “policy 2” is shown.

  In FIG. 5C, “policy 2 (browsing rights for group B and group C)” is selected as the “policy information designation” item 601 in FIG. By selecting (including documents generated and edited by other users), the policy information of all documents is changed to “policy 2”.

  As described above, the history control unit 211 searches for a related document using the document ID and traceable ID managed by the history storage unit 213.

  As a method for searching the related document by the history control unit 211, there are, for example, a method of selecting a condition that can be selected on the screen shown in FIG. 6 and a method of specifying the related document from the screen shown in FIG. A detailed related document retrieval method using these screens is shown in FIGS. 13 to 15 and FIGS. 16 to 20 and will be described below.

  As described above, the policy control unit 206 that has received the list (list) of related documents from the history control unit 211 acquires the changed policy information designated from the operation control unit 202 from the policy storage unit 207 and receives the received list. Change the policy information of the related document indicated in.

  Incidentally, the policy information managed by the policy storage unit 207 is, for example, information as shown in FIG.

  When the policy control unit 206 changes the policy information of a predetermined security document and related related documents, the policy control unit 206 notifies the operation control unit 202 of the result. The operation control unit 202 causes the display operation unit 201 to display the notified content. In particular, when the notification content indicates a change failure, the user is notified via the display operation unit 201.

  FIG. 3 is a diagram showing a screen for designating conditions for generating a security document in the operation restriction information management system according to the embodiment of the present invention.

  The screen shown in FIG. 3 is a screen for specifying policy information to be set for a document, and is a screen displayed on the display operation unit 201 in the block diagram of FIG.

  This screen includes a [policy information selection] item 301 for specifying policy information to be specified for a document and a [target document specification] item 302 for specifying a document for setting policy information selected in the [policy information selection] item 301. Composed. [Target document specification] item 302 can also be specified from a list of documents displayed by pressing reference button 303.

  When each item is designated and the OK button 304 is pressed, a process of generating a security document in which policy information is set in the designated document is performed. Incidentally, when the cancel button 305 is pressed, the process of setting the policy information for the document is canceled.

  In the example shown in FIG. 3, “policy 1 (edit right for group B, no operation right for group C)” is selected in the “policy information selection” item 301, and “C: \ This shows a state in which “Document A” at the position of “Documents and Settings \ userA1 \ Desktop \ Document A” is designated.

  When the OK button 304 is pressed in this state, the policy 1 is applied to the document A, in which an editing right is set for a user belonging to the group B and an operation right is not set for the user belonging to the group C. A secure document is generated.

  FIG. 4 is a diagram showing a list of permitted operation contents for the policy information of the operation restriction information management system according to the embodiment of the present invention.

  FIG. 4 shows table-structured policy information, which is an example of policy information managed by the policy storage unit 207 in the block diagram shown in FIG. 2, and includes a [policy type item] 401 indicating a policy type, a document When a user who belongs to the group indicated by the [User Group] item 402 operates a document in which the policy information specified by the [User Group] item 402 and the [Policy Type] item 401 indicating the group to which the user to operate operates. [Allowed operations] items 403 indicating the permitted operation contents are configured.

  In FIG. 4, “policy 1” is set as the “policy type item” 401, “group A” is set as the “user group” item 402, and “view, print, edit, An example in which “policy change” is set is shown.

  This indicates that an operation permitted when a user belonging to group A operates a security document in which policy 1 is set is “view, print, edit, policy change”.

  As another example, “policy 1” is set as [policy type item] 401, “group C” is set as [user group] item 402, and “-(access impossible)” is set as [permitted operation] item 403. ) ”Is shown.

  This indicates that there is no operation permitted when a user belonging to group C operates a security document in which policy 1 is set, that is, a user belonging to group C cannot operate this document. Is shown.

  FIG. 7 is a diagram showing document operation history information managed by the log management server of the operation restriction information management system according to the embodiment of the present invention.

  In FIG. 7, this history information shows an example managed in a table configuration, and is stored in the history storage unit 213 in the block diagram shown in FIG. This history information includes [pre-operation traceable ID (pre-operation TID)] item 701, [post-operation traceable ID (post-operation TID)] item 702, [document ID] item 703, [operation content] item 704, [operator]. ] Item 705 is configured.

  The [Document ID] item 703 is identification information for identifying a document in a state after the operation. The [Operation Details] item 704 is performed on the document having the identification information indicated by the [Document ID] item 703. The contents of the operation are shown. For example, there are a process for newly generating a security document and registering history information, and a process for editing a security document in which history information is registered.

  An “operator” item 705 indicates a user who has performed an operation indicated in the “operation content” item 704 on the identification information document of the “document ID” item 703.

  Further, a [pre-operation traceable ID (pre-operation TID)] item 701 is information for specifying a document in a state before the operation history for the document indicated by the document ID in the [document ID] item 703 is recorded. The post-operation traceable ID (post-operation TID) item 702 is information for identifying the document in which the operation content indicated by the [operation content] item 704 has been performed from the document in the state before the operation.

  In the example illustrated in FIG. 7, the [Document ID] item 703 is “DocID_A”, the [Operation Details] item 704 is “Registration”, and the [Operator] item 705 is “userA1”. The history information of the security document identified by DocID_A is newly registered by userA1.

  In the security document in this state, “-(none)” is specified in the “pre-operation traceable ID (pre-operation TID)” item 701, and “post-operation traceable ID (post-operation TID)” item 702 is “ Since “TID1” is specified, this indicates that the pre-operation TID is not set, a security document is generated, an operation history is newly registered, and the traceable ID of the registration process is “TID1”. Show.

  Further, in FIG. 7, the “pre-operation traceable ID (pre-operation TID)” item 701 is “TID1”, the “post-operation traceable ID (post-operation TID)” item 702 is “TID2”, and the “document ID” item 703 is displayed. Is “DocID_B”, the “operation content” item 704 is “edit”, and the “operator” item 705 is “userA1”.

  This is because the history information of the security document identified by DocID_B is newly edited by userA1, the traceable ID for specifying the security document before this editing operation is “TID1”, and the security document generated by the editing operation is This indicates that the traceable ID for identification is “TID2”.

  Therefore, a security document in which “TID1” is set in the [Traceable ID after Operation (TID After Operation)] 702 has “TID1” set in the [Traceable ID Before Operation (TID Before Operation)] 701. This indicates that the document is a state before the security document is operated.

  That is, the security document with the document ID “DocID_A” is a document in a state before the security document with the document ID “DocID_B” is generated.

  The policy information is changed by the configuration as described above.

  8 to 11 show sequences that are state transitions of the operation restriction information management system.

  FIG. 8 is a sequence diagram showing a flow of processing for generating a security document by setting policy information in a document in the operation restriction information management system according to the embodiment of the present invention.

  As pre-processing for starting this processing, in order to determine whether the user is capable of generating a security document by setting policy information in the document, the user information and password specified using the client PC are used. It transmits to the policy server (801). The policy server that has received the user information and password performs user authentication based on user information managed in advance (802), and transmits the authentication result and policy information that can be used by the user to the client PC when authentication is successful. (803).

  Of course, a configuration may be adopted in which user authentication is not performed by the policy server but an authentication request is made from the policy server to another authentication server.

  When the client PC receives the policy information available to the user from the policy server, the client PC can select desired policy information from the policy information using a screen as shown in FIG. Similarly, processing for setting a document set using the screen of FIG. 3 is performed (804), and a security document is generated.

  Subsequently, a document ID for identifying the security document and a traceable ID indicating a state to become the security document are generated (805).

  Then, the document ID generated for recording the history information that generated the security document, the set policy information, and the decryption key for the encryption key of the security document are transmitted to the policy server. In this embodiment, since an example in which an encryption function is used as a security policy is shown, a decryption key for an encryption key of an encryption algorithm for encrypting a document is generated. (806).

  The policy server that has received them registers policy information and a decryption key in association with the received document ID (807).

  Further, the client PC transmits the document ID, traceable ID, user information, and operation information to the log management server (808). The log management server that has received these pieces of information records the operation history as shown in FIG. 7 (809).

  In this state, the log management server manages the history information of the security document.

  Next, FIG. 9 is a sequence diagram showing a flow of processing for performing an operation of editing a security document in the operation restriction information management system according to the embodiment of the present invention.

  For example, the editing operation is performed on the security document generated by the process shown in FIG. First, when a security document to be edited is designated, the document ID of the security document, user information of the user who performs the editing operation, and a password are transmitted to the policy server (901).

  The policy server that receives these pieces of information performs user authentication (902), and when the authentication is performed, the decryption key for decrypting the security document indicated by the document ID and the policy information set in the security document are requested. To the client PC (903).

  When the user is authenticated and receives the decryption key and policy information, the client PC decrypts the security document using the decryption key (904), and performs an editing operation using a predetermined application related to the document (905).

  When the editing operation is completed, the edited document is encrypted with a predetermined encryption algorithm designated in advance (906). A decryption key for decrypting the security document encrypted by this encryption process is generated. After the encryption process, a new document ID of the encrypted security document and a traceable ID for specifying the state of the document by the operation process are generated or acquired (907).

  Then, the document ID, policy information, and decryption key are transmitted to the policy server (908). The policy server that has received them registers policy information and a decryption key in association with the document ID (909).

  Further, the client PC transmits the document ID, the traceable ID of the document before the operation, the traceable ID generated after the operation, the user information, the operation information, and the like to the log management server (910).

  The log management server manages such information as an operation history with the configuration shown in FIG. 7 (911).

  FIG. 10 is a sequence diagram showing a flow of processing for copying the document indicated by the identification information by reading the identification information given to the printed matter in the operation restriction information management system according to the embodiment of the present invention. .

  The sequence shown in FIG. 10 is a process in the case where a multifunction peripheral is newly added to the configuration shown in FIG. 1, and the multifunction peripheral performs an operation of copying (copying) a document with respect to identification information managed by the log management server. . In this process, the log management server manages print data for the document ID in advance.

  First, the multi-function peripheral transmits user information read from the card reading device, password, and the information input from the operation panel to the policy server (1001). The policy server that has received the user information and password transmits an operation menu, which is a list of operations that can be operated by the authenticated user, to the multi-function device when it is indicated that the user authentication has been performed (1003).

  In the MFP that has received the operation menu, when a copy process is selected from the operation menu, a process for acquiring a document ID for identifying a document by reading a printed material is performed (1004). Subsequently, the acquired document ID is set as a policy. Processing to transmit to the server is performed (1005).

  The policy server searches for the optimum policy information based on the received document ID and user information (1006), and transmits the matching policy information to the multifunction peripheral (1007). The multifunction device that has received the policy information confirms the policy information (1008), and if the copy is possible, requests the print data for the document ID from the log management server (1009).

  The log management server for which the print data request has been made searches the print data for the document ID (1010), and transmits the matching print data to the multifunction peripheral (1011).

  Upon receiving the print data, the multi-function peripheral performs print output (1012), generates a document ID for identifying the document of the print data for which print output has been performed, and also generates a traceable ID (1013). The generated document ID and policy information are transmitted to the policy server (1014). The policy server registers as policy information for the document ID (1015).

  Further, the MFP transmits the document ID of the print data that has been printed out, the traceable ID of the document of the print data, the newly generated traceable ID, user information, operation information, and the like to the log management server (1016). The received log management server registers such information as history information (1017).

  FIG. 11 is a sequence diagram showing a state transition of processing for changing policy information set in a security document in the operation restriction information management system according to the embodiment of the present invention.

  A security document whose policy information is to be changed is designated, and a policy change request including the document ID, user information, and password of the security document is transmitted to the policy server (1101). Upon receiving this policy change request, the policy server performs user authentication using information included in the policy change request (1102), and the policy information set in the security document identified by the document ID by the authentication is obtained. The request is sent to the requesting client PC (1103).

  The policy server is in a state of managing the policy information set for each document by a sequence as shown in FIG.

  Subsequently, in the client PC, when the user selects new policy information after the change using a screen or a setting file (1104), the selected policy information and the document ID of the document in which the policy information is set are set in the policy server. (1105). The policy server requests the log management server for a list of related documents related to the received document with the document ID (1106).

  In this related document list request, a range of documents for which policy information is to be changed is designated, and a process for making a related document a document within the designated range is performed. Incidentally, the range of the document can be specified using, for example, a “changed document range specification” item 602 on the screen as shown in FIG.

  Subsequently, the log management server that has received the related document list request from the policy server searches for the related document for the requested document ID (1107). Flowcharts showing the detailed flow in this search processing are shown in FIGS. 13 to 15, and specific examples will be described below with reference to FIGS.

  In addition to these search processes, the user may select a related document using a screen as shown in FIG.

  When related documents are searched by this search processing and a list of these related documents is generated, the list is transmitted to the requesting policy server (1108).

  Upon receiving the list of related documents, the policy server changes the policy information of the related documents registered and managed to the selected policy information (1109). After changing the policy information of all the related documents, the fact that the processing is completed is transmitted to the client PC which is the policy information change request source (1110).

  Next, a method for specifying a related document related to a security document whose policy information is to be changed will be described.

  FIG. 12 shows a method of specifying a related document by the user selecting a related document, and FIGS. 13 to 15 show a method of specifying a security document meeting a condition as a related document. 13 to 15 are flowcharts of search conditions (except for the condition (4)) that can be selected in the [Change Document Range Specification] item 602 on the screen shown in FIG.

  FIG. 12 is a diagram showing a screen for selecting a related document related to a predetermined document in the operation restriction information management system according to the embodiment of the present invention.

  FIG. 12 includes a [derivation relationship display] item 1201 and a [policy information selection] item 1202 that show a derivation relationship of the document in a hierarchical structure when a predetermined document is selected, and a [policy change] button 1203 is pressed. As a result, the process of changing the policy information of the document selected in the [derivation relation display] item 1201 to the policy information selected in the [policy information selection] item 1202 starts. Also, pressing the [Cancel] button 1204 cancels the policy information change processing.

  [Derivation relation display] item 1201 is an item indicating a hierarchical structure formed by a predetermined document. FIG. 12 shows a hierarchical structure formed by document G when “document G” is designated as the predetermined document. Show.

  Further, FIG. 12 shows documents (document A, document B, document C, document D, document E, document F, document G, document H, document forming the hierarchical structure shown in the [derivation relation display] item 1201. I, document J) shows a state where seven documents, document A, document E, document F, document G, document H, document I, and document J, are selected as related documents whose policy information is to be changed.

  The [policy information selection] item 1202 is an item for selecting the changed policy information for changing the policy information of the document selected in the [derivation relation display] item 1201. The example shown in FIG. 12 shows an example in which “policy 1 (group B has editing rights and group C does not have operating rights)” is selected.

  That is, the policy information of the seven documents selected in the [Derivation Relationship Display] item 1201 is changed to “Policy 1 (Group B has editing rights and Group C does not have operation rights)” selected in the [Policy information selection] item 1202. Be changed.

  FIG. 13 is an example of a flowchart showing the flow of processing when selecting to change policy information of all related documents as a condition for selecting a document whose policy information is to be changed on the screen shown in FIG. .

  In FIG. 13, when a list of related documents related to a predetermined security document is requested by the policy server, the log management server searches history information (log information) of the security document (1301). This processing is, for example, to indicate a record in which the document ID of the security document is shown from the history information as shown in FIG.

  As a result, among the traceable IDs indicated in the history information of the searched security document, the traceable ID for searching the parent document is acquired (1302). It is determined whether or not this traceable ID has been acquired (1303), and if it can be acquired (YES in 1303), an operation history (hereinafter referred to as the root document state) indicating the root original document state by tracing the traceable ID sequentially. All traceable IDs up to “route history” are acquired (1304).

  On the other hand, when the traceable ID for searching for the parent document cannot be acquired (NO in 1303), it is not necessary to perform this process because it indicates that this security document is a route history having no parent document.

  As a result, the document ID of the root document for the predetermined security document and the traceable ID are specified.

  Next, the traceable ID of each document that is a descendant of the security document represented by the identified route history is acquired (1305). Then, the document ID corresponding to the traceable ID is acquired (1306). Then, a document ID list is created by removing duplication from the acquired document ID (1307). The created document ID list is transmitted to the policy server (1308).

  The process of removing the duplication is a process of omitting history information recorded by an operation that does not change the document content such as browsing or reference.

  FIG. 14 is a flowchart showing the flow of processing when it is selected to change the policy information of a related document related to a specific user as a condition for selecting the document whose policy information is to be changed on the screen shown in FIG. It is an example.

  In FIG. 14, when a list of related documents related to a predetermined security document is requested by the policy server, the log management server searches history information (log information) of the security document (1401).

  As a result, among the traceable IDs indicated in the history information of the searched security document, the traceable ID for searching for the parent document is acquired (1402). It is determined whether or not this traceable ID has been acquired (1403), and if it can be acquired (YES in 1403), all traceable IDs up to the route history are acquired by sequentially tracing the traceable ID (1404). .

  On the other hand, when the traceable ID for searching the parent document cannot be acquired (NO in 1403), this security document is the parent document indicated by the route history.

  Thereby, the document ID of the route history for the predetermined security document and the traceable ID are specified.

  Next, a traceable ID of each document that is a descendant as seen from the security document of the identified route history is acquired (1405). Among the acquired traceable IDs, the traceable ID of each document for which the user who made the policy information change request has performed an operation for changing the document content such as registration or editing is acquired (1406).

  Then, the document ID corresponding to the traceable ID is acquired (1407). Then, a document ID list is created by removing duplication from the acquired document ID (1408). The created document ID list is transmitted to the policy server (1409).

  In the process shown in FIG. 14, for example, user A generates a security document, publishes the document in the middle of editing the security document, and allows other users to edit the security document. This is useful if you do not want to change the policy information of a document that has been manipulated by another user, even if the security document has been released. is there.

  That is, it is effective when it is desired to change only the policy information of a security document whose contents are fixed.

  FIG. 15 shows a process when the policy information of a related document related to a specific user including a paper document is selected as a condition for selecting a document whose policy information is to be changed on the screen shown in FIG. It is an example of the flowchart which shows the flow of.

  In FIG. 15, when a list of related documents related to a predetermined security document is requested by the policy server, the log management server searches history information (log information) of the security document (1501).

  As a result, a traceable ID for searching for the parent document is acquired from the traceable IDs indicated in the history information of the searched security document (1502). It is determined whether or not this traceable ID has been acquired (1503). If it can be acquired (YES in 1503), all traceable IDs up to the route history are acquired by sequentially tracing the traceable ID (1504).

  On the other hand, when the traceable ID for searching the parent document cannot be acquired (NO in 1503), this security document is the parent document indicated by the route history.

  Thereby, the document ID and the traceable ID of the route history for the predetermined security document are specified.

  Then, the traceable ID of each document that is a descendant as seen from the security document of the identified route history is acquired (1505). Next, the following two processes are performed on the acquired traceable ID.

  As the first processing, among the acquired traceable IDs, the traceable ID of each document for which the user who has requested the policy information change has performed an operation to change the document content such as registration or editing is acquired (1506).

  Also, as the second process, a traceable ID for which “print and copy” operation is performed is acquired from the acquired traceable ID (1507), and an ancestor document is traced from the traceable ID, and the latest “registration, If the “edit, scan” operation was performed by the user who instructed to change the policy information, the acquired traceable ID is left, and the user who the latest “registration, edit, scan” operation instructed the policy information change If it is performed by other than the above, the acquired traceable ID is excluded from the acquired (1508).

  The logical sum of the traceable IDs acquired by these two processes is calculated, and the traceable ID excluding duplication is acquired (1509).

  Then, a document ID list is created by acquiring the document ID for the traceable ID (1510). The created document ID list is transmitted to the policy server (1511).

  In the processing of the two steps shown in (1507) and (1508), different document IDs are assigned in printing and copying (copying) operations, but the contents of the document itself do not change. This is a process of searching, as related documents, only documents for which the user who has made a policy information change request has performed an operation for changing the document contents, such as registration or editing, from among the documents from which the copying operation has been performed.

  FIG. 16, FIG. 17, FIG. 18, FIG. 19, and FIG. 20 are hierarchical structure diagrams showing the relationship of operation histories managed by the log management server in a tree structure.

  In each of these drawings, the operation history is represented by a circular figure, and the operation history represented by the circle figure is connected by a line to represent the relationship between the operation histories. The relationship between the operation histories is indicated by a traceable ID indicated by each operation history, and a hierarchical structure is generated by using the traceable ID.

  Each circular figure of the operation history forming the hierarchical structure is described with a number, and this number is a traceable ID for identifying each operation history and indicating the relationship between the operation histories. Note that although numbers are used as traceable IDs for convenience, values calculated by hexadecimal numbers or hash functions can also be used as traceable IDs.

  The five diagrams from FIG. 16 to FIG. 20 are composed of 18 operation histories, which represent a state in which the security document is operated 18 times. In addition, each operation history represents, as metadata, the user who is an operator and the contents of the operation performed by the user in the form of “(user), (operation content)”.

  In each of these drawings, an operation history that becomes the root of a hierarchical structure is shown by a circular figure with “1” written therein, and an operation history is generated in a lower hierarchy by operating a document represented by this operation history.

  In each of FIGS. 16 to 20, the operation history indicating that the user A1 has performed the editing operation of the operation history document “1” is represented by a circle shape “2”, and the user B1 performs the browsing operation. The operation history indicating that the operation has been performed is represented by a circle shape “3”, and the relationship between the operation histories is represented by connecting the circle shape of the operation history “1” with a line.

  FIG. 16 to FIG. 20 show the relationship between operation histories generated by performing a predetermined operation on a document in a state indicated by each operation history.

  FIG. 16 shows an example of searching for a related document when “(1) entire related document (including documents generated and edited by other users)” is selected as the policy information change condition on the screen shown in FIG. FIG.

  As an example, when the policy information of the security document of the operation history represented by “8” is changed, the document ID of the related document related to the security document is searched. In this case, the related document search process is performed according to the flow shown in FIG.

  First, “8” is acquired as the traceable ID indicated by the operation history of the designated security document, and then all traceable IDs corresponding to ancestors are acquired based on the traceable ID “8”. By this process, three traceable IDs (“5”, “3”, “1”) can be acquired.

  Subsequently, among these acquired traceable IDs (“5”, “3”, “1”), “1” is acquired as a traceable ID indicating the route history. When the traceable ID “1” of the route history is acquired, the traceable IDs of all the operation histories that have a descendant relationship from the operation history of the traceable ID “1” are acquired.

  As a result, 18 traceable IDs (“1”, “2”, “3”, “4”, “5”, “6”, “7”, “8”, “9”, “10”, “ 11 ”,“ 12 ”,“ 13 ”,“ 14 ”,“ 15 ”,“ 16 ”,“ 17 ”,“ 18 ”).

  Then, the document IDs for the 18 traceable IDs acquired are specified. Since the document ID is information that is changed by updating the content of the document by an editing operation or the like, the operation history of the operation that does not change the content of the document, such as browsing or reference, includes the operation history before the operation. The same document ID is set. That is, there is a possibility that there are duplicate document IDs among the specified document IDs.

  Therefore, a process for removing duplicate document IDs is performed to create a list of calculated document IDs. The document ID calculated by removing the duplicate document ID is the traceable ID (“1”, “2”, “6”, “7”, “8”) of the operation history shown in black and white in FIG. ”,“ 9 ”,“ 13 ”,“ 14 ”,“ 15 ”,“ 16 ”,“ 17 ”,“ 18 ”).

  It indicates that the document with the document ID shown in the document ID list is a security document retrieved as a related document.

  FIG. 17 is a hierarchy showing an example of searching for related documents when “(2) restricted related documents (only documents created and edited by myself)” is selected as the policy information change condition on the screen shown in FIG. FIG.

  As an example, when the policy information of the security document of the operation history represented by “8” is changed by the user A, the document ID of the related document related to the security document is searched. In this case, the related document search process is performed according to the flow shown in FIG.

  First, “8” is acquired as the traceable ID indicated by the operation history of the designated security document, and then all traceable IDs corresponding to ancestors are acquired based on the traceable ID “8”. By this process, three traceable IDs (“5”, “3”, “1”) can be acquired.

  Subsequently, among these acquired traceable IDs (“5”, “3”, “1”), “1” is acquired as a traceable ID indicating the route history. When the traceable ID “1” of the route history is acquired, the traceable IDs of all the operation histories that have a descendant relationship from the operation history of the traceable ID “1” are acquired.

  As a result, 18 traceable IDs (“1”, “2”, “3”, “4”, “5”, “6”, “7”, “8”, “9”, “10”, “ 11 ”,“ 12 ”,“ 13 ”,“ 14 ”,“ 15 ”,“ 16 ”,“ 17 ”,“ 18 ”).

  Then, from the operation history indicated by the acquired 18 traceable IDs, the traceable ID of the operation history in which the user A instructing to change the policy information performs an operation to change the content of the document such as registration or editing is acquired. . By this processing, eight traceable IDs (“1”, “2”, “7”, “8”, “9”, “13”, “15”, “16”) are acquired.

  Then, the document ID list for the eight traceable IDs is specified from the operation history to create a document ID list.

  It indicates that the document with the document ID shown in the document ID list is a security document retrieved as a related document.

  FIG. 18 is a hierarchical structure diagram illustrating an example in which a document that is a descendant of the designated security document is searched as a related document.

  As an example, when the policy information of the security document of the operation history represented by “8” is changed, the document ID of the related document related to the security document is searched.

  First, an operation history in which the traceable ID “8” of the designated security document is designated as “traceable ID after operation” is specified. This is, for example, a process of searching for a record whose traceable ID “8” is set in [Traceable ID after Operation (TID Before Operation)] 702 of the operation history information shown in FIG.

  In the example of FIG. 18, since “8” is set as “traceable ID after operation” in the history information of traceable ID “13”, the document ID of the operation history indicated by this traceable ID “13” is a descendant. Identify it as a document.

  Subsequently, a document corresponding to this traceable ID “13” is also searched. In the same manner as described above, an operation history in which the traceable ID “13” is designated as “traceable ID before operation” is specified. Thereby, the traceable ID “16” and the traceable ID “17” are searched. Therefore, the document ID corresponding to the two traceable IDs is specified as the related document corresponding to the descendant.

  In this way, the document related to the security document with the traceable ID “8” is the document with the document ID corresponding to the four traceable IDs (“8”, “13”, “16”, “17”).

  FIG. 19 is a hierarchical structure diagram showing an example in which a document in which an operation for changing the content of a document is performed as a related document by a user who designates the security document among documents that are direct ancestors when viewed from the designated security document. It is.

  As an example, when the policy information of the security document of the operation history represented by “16” is changed by the user A, the document ID of the related document related to the security document is searched.

  First, an operation history in which the traceable ID “16” of the designated security document is designated as “traceable ID before operation” is specified. Reference is made to the “traceable ID before operation” item 701 in the operation history information as shown in FIG. Thereby, in the example of the operation history having the hierarchical structure shown in FIG. 19, the operation history indicated by the traceable ID “13” corresponds.

  Next, for the traceable ID “13”, similarly, processing for specifying an operation history in which the traceable ID “13” is designated as “traceable ID before operation” is performed. Thereby, the operation history indicated by the traceable ID “8” corresponds.

  The operation history is specified by sequentially performing such operations until the route history is reached. In the diagram shown in FIG. 19, there are operation histories indicated by six traceable IDs (“16”, “13”, “8”, “5”, “3”, “1”). Then, the traceable ID of the operation history indicating that the user A who made the policy information change request has performed an operation of updating the document such as registration and editing is specified. That is, four of the traceable ID “16”, the traceable ID “13”, the traceable ID “8”, and the traceable ID “1” are specified.

  Thus, the document related to the security document with the traceable ID “16” is a document with the document ID corresponding to the four traceable IDs (“16”, “13”, “8”, “1”).

  FIG. 20 searches for related documents when “(3) restricted related documents (including paper documents, only documents created and edited by myself)” is selected as the policy information change condition on the screen shown in FIG. FIG.

  As an example, when the policy information of the security document of the operation history represented by “15” is changed by the user A, the document ID of the related document related to the security document is searched. In this case, the related document search process is performed according to the flow shown in FIG.

  First, “15” is acquired as the traceable ID indicated by the operation history of the designated security document, and then all traceable IDs corresponding to the ancestors are acquired based on the traceable ID “15”. With this process, four traceable IDs (“10”, “6”, “3”, “1”) can be acquired.

  Subsequently, among these acquired traceable IDs (“10”, “6”, “3”, “1”), “1” is acquired as a traceable ID indicating the route history. When the traceable ID “1” of the route history is acquired, the traceable IDs of all the operation histories that have a descendant relationship from the operation history of the traceable ID “1” are acquired.

  As a result, 18 traceable IDs (“1”, “2”, “3”, “4”, “5”, “6”, “7”, “8”, “9”, “10”, “ 11 ”,“ 12 ”,“ 13 ”,“ 14 ”,“ 15 ”,“ 16 ”,“ 17 ”,“ 18 ”).

  Here, the following two processes are respectively performed on the acquired 18 traceable IDs.

  First, as a first process, a traceable ID of an operation history in which an operation for changing the contents of a document such as registration and editing is performed by the user A instructing change of policy information. By this processing, eight traceable IDs (“1”, “2”, “7”, “8”, “9”, “13”, “15”, “16”) are acquired.

  Next, as a second process, traceable IDs indicating printing and copying (copying) operations are acquired for 18 traceable IDs. Then, the traceable ID of the operation history operated by the user A who requested the change of the policy information is obtained by tracing the ancestor of the acquired traceable ID, searching for the latest traceable ID that has been registered, edited, and scanned.

  In this second process, two traceable IDs (“11” and “15”) are acquired in the previous process, and the ancestors of the two traceable IDs are traced in the subsequent process, and the most recent registration, editing, and scanning are performed. The traceable ID “11” in which the operation A is performed by the user A is acquired. The operation history indicated by the traceable ID “11” is registered in the latest operation history by tracing the traceable ID “11” acquired in the previous process, and any operation of registration, editing, and scanning is performed by the user A. It is shown that.

  When such two processes are performed, a traceable ID that is a logical sum of the traceable IDs acquired in the respective processes is acquired. As a result, nine traceable IDs (“1”, “2”, “7”, “8”, “9”, “11”, “13”, “15”, “16”) are acquired.

  As a result, the document related to the security document with the traceable ID “15” has nine traceable IDs (“1”, “2”, “7”, “8”, “9”, “11”, “13”). , “15”, “16”).

  The present invention is not limited to the embodiments described above and shown in the drawings, and can be implemented with appropriate modifications within a range not changing the gist thereof.

  The present invention is based on a recording medium (CD-ROM, DVD-ROM, etc.) storing a program for causing the operation restriction information management system having a communication function to execute the above-described operation or to configure the above-described means. It is also possible to configure an operation restriction information management system that executes the above-described processing by installing the program in a computer and executing it. A computer constituting the operation restriction information management system is connected to a CPU (Central Processor Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and a hard disk via a system bus. The CPU performs processing using the RAM as a work area according to a program stored in the ROM or the hard disk.

  The medium for supplying the program may be a communication medium (a medium for temporarily or fluidly holding the program such as a communication line or a communication system). For example, the program may be posted on an electronic bulletin board (BBS: Bulletin Board Service) of a communication network and distributed via a communication line.

1 is an example of a system configuration diagram of an operation restriction information management system configured by applying an operation restriction management system and a program according to an embodiment of the present invention. The block diagram which shows the function structure of the operation restriction information management system in embodiment of this invention. The figure which shows the screen which designates the conditions which produce | generate a security document in the operation restriction information management system in embodiment of this invention. The figure which shows the list of the operation content permitted with respect to the policy information of the operation restriction information management system in embodiment of this invention. The figure which shows the relationship of the log | history information managed with the operation restriction information management system in embodiment of this invention. The figure which shows the screen which instruct | indicates the change of the policy information set to the document in the operation restriction information management system concerning embodiment of this invention. The figure which shows the historical information of the document operation managed by the log management server of the operation restriction information management system in the embodiment of the present invention. The sequence diagram which shows the flow of a process which produces | generates a security document by setting policy information to a document in the operation restriction information management system in an embodiment of the present invention. The sequence diagram which shows the flow of the process which performs operation which edits a security document in the operation restriction information management system in embodiment of this invention. The sequence diagram which shows the flow of a process which copies the document shown by the identification information by reading the identification information provided to the printed matter in the operation restriction information management system in the embodiment of the present invention. The sequence diagram which shows the state transition of the process which changes the policy information set to the security document in the operation restriction information management system in embodiment of this invention. The figure which shows the screen which selects the related document relevant to a predetermined document in the operation restriction information management system in embodiment of this invention. FIG. 7 is an example of a flowchart showing a processing flow when selecting to change policy information of all related documents as a condition for selecting a document to be changed in policy information on the screen shown in FIG. 6. FIG. 7 is an example of a flowchart illustrating a processing flow when selecting to change policy information of a related document related to a specific user as a condition for selecting a document to be changed in policy information on the screen illustrated in FIG. 6. FIG. 6 shows a processing flow when selecting to change the policy information of a related document related to a specific user including a paper document as a condition for selecting a document whose policy information is to be changed on the screen shown in FIG. An example of a flowchart. FIG. 6 is a hierarchical structure diagram showing an example of searching for related documents when “(1) entire related documents (including documents generated and edited by other users)” is selected as the policy information change condition on the screen shown in FIG. . FIG. 7 is a hierarchical structure diagram illustrating an example in which a related document is searched when “(2) restricted related document (only a document generated / edited by itself)” is selected as a policy information change condition on the screen illustrated in FIG. 6. The hierarchical structure figure which shows the example which searches the document which is a descendant seeing from the designated security document as a related document. The hierarchical structure figure which shows the example which searches the document in which the operation which changed the content of the document by the user who designated the security document was performed among the documents which are the direct ancestors in view of the designated security document as a related document. FIG. 6 shows an example of searching for related documents when “(3) restricted related documents (including paper documents, only documents created and edited by myself)” is selected as the policy information change condition on the screen shown in FIG. Hierarchical structure diagram.

Explanation of symbols

DESCRIPTION OF SYMBOLS 100 Policy server 200 Log management server 201 Display operation part 202 Operation control part 203 Identification information generation part 204 Authentication part 205 User information management part 206 Policy control part 207 Policy storage part 208 Document information storage part 210 Security information registration part 211 History control part 212 Operation Recording Unit 213 History Storage Unit 300 Client PC

Claims (7)

Operation restriction information storage means for storing operation restriction information for restricting operation of a document;
Operation history management means for managing an operation history of a document for which operation restriction is performed based on the operation restriction information stored in the operation restriction information storage means;
When the operation restriction information stored in the operation restriction information storage unit is changed, the related document search unit searches for a related document related to the document using the operation history of the document managed by the operation history management unit. When,
An operation restriction management system comprising operation restriction information change means for changing operation restriction information set in the related document searched by the related document search means to operation restriction information after change. The operation history management means includes
The operation restriction management system according to claim 1, wherein the operation restriction information is managed by the operation restriction information changing unit as a history of operation that the operation restriction information of the document and a related document related to the document is changed. The operation history management means includes
In the operation history of the document, one or more related documents related to the document are recorded and managed as related identification information,
The related document search means includes:
The operation restriction information management system according to claim 1 or 2, wherein a related document related to the document is searched using the related identification information indicated by the operation history of the document managed by the operation history management means. The related document search means includes:
3. The operation restriction information management system according to claim 1 or 2, wherein the related document is searched from documents within a specified search range. Operator authentication means for authenticating an operator who operates a document whose operation is restricted by the operation restriction information;
The operation restriction information changing means includes
The operation restriction information management system according to claim 1, wherein the operation restriction information of the related document related to the document is changed to the operation restriction information of the document by the operator authenticated by the operator authentication unit. . The document and the related document are:
It is a printed matter on which identification information is printed,
The operation restriction information storage means includes
The operation restriction information management system according to claim 1, wherein operation restriction information is stored for the identification information. Computer
Operation restriction information storage means for storing operation restriction information for restricting operation of a document;
Operation history management means for managing an operation history of a document for which operation restriction is performed based on the operation restriction information stored in the operation restriction information storage means;
When the operation restriction information stored in the operation restriction information storage unit is changed, the related document search unit searches for a related document related to the document using the operation history of the document managed by the operation history management unit. When,
An operation restriction management program that functions as an operation restriction information change unit that changes operation restriction information set in a related document searched by the related document search unit to operation restriction information after change.

Images