JP2004152262A - Document print program, document protection program, and document protection system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a document print program preventing leakage of a document due to its printout, a document protection program, and a document protection system. <P>SOLUTION: This document protection system is constituted of the document print program having a means acquiring a print requirement related to the document file and a means forcibly executing the print requirement in printing the document file and the document protection program protecting the document file. <P>COPYRIGHT: (C)2004,JPO

Description

  The present invention relates to a document printing program, a document protection program, and a document protection system.

  2. Description of the Related Art In recent years, in offices and the like that handle information such as documents and images (hereinafter, referred to as documents), a method of electronically recording a document on an information recording medium as a document file instead of printing the document on paper has become mainstream. .

  If the document is electronically recorded, the document can be recorded without using paper resources, so that resource saving can be achieved, and it is not necessary to store the paper on which the document is printed, thereby realizing space saving.

  In addition, if documents are recorded electronically, the same document can be distributed to many people at the same time, and documents can be distributed to people at remote locations via a network, thereby improving work efficiency. Can be achieved.

  The advantage of electronically recording a document that allows the same document to be distributed to many people at the same time or distributed to a remote location over a network has the advantage that the document can be easily leaked. It is also inside out.

  Since many documents handled in offices and the like require confidentiality, it is necessary to take measures to prevent leakage of the documents.

  Conventional techniques for preventing document leakage include “Method of encrypting information for remote access while maintaining access control” disclosed in Patent Document 1 and “Information security architecture for encrypting” disclosed in Patent Document 2. As in "documents for remote access while maintaining access control" and "document management system" disclosed in Patent Literature 3, only a legitimate user refers to the contents of a document by requesting user authentication when opening a document file. There is a method of enabling printing, and a method of checking whether a user has a right to print when attempting to print an opened document file, and printing only an authorized user.

In addition, the document file is controlled so that printing is permitted only when payment is completed, as in “a method for restricting printing of electronically transmitted information and a document with printing restriction” disclosed in Patent Document 4. There is also such technology.
U.S. Pat. No. 6,339,825 U.S. Pat. No. 6,289,450 JP 2001-142874 A JP-A-2002-024097

  In the inventions disclosed in the above patent documents, although it is possible to prevent unauthorized persons from printing the document, no security is set for the printed matter (printout).

  Therefore, once a document is printed by impersonating a user who has the authority to print, a printout of the document can be copied and distributed to others without any restrictions.

  Furthermore, if the person who wants to leak the document is a legitimate user who has the authority to print, this cannot be prevented.

  As described above, the conventional technology has problems that the usability of the document file is not good and the security for preventing the leakage of the document due to the printout is insufficient.

  The present invention has been made in view of such a problem, and an object of the present invention is to provide a document printing program, a document protection program, and a document protection system that prevent leakage of a document due to printout.

  In order to achieve the above object, a document printing program according to the present invention comprises: means for acquiring a printing requirement associated with a document file; and means for forcibly executing the printing requirement when printing the document file. I am preparing for it.

  Thereby, security measures at the time of printing can be enforced.

  Further, when the encrypted document file is decrypted, a printing process with the printing requirement is executed to enforce the printing requirement.

  Thus, a robust system using the encryption technology can be constructed.

  A means for obtaining a decryption key of the encrypted document file; a means for decrypting the document file based on the obtained decryption key; and a means for obtaining the printing requirement associated with the document file. Means for executing a printing process satisfying the acquired printing requirements.

  Further, the document protection program of the present invention includes means for obtaining an encryption key for encrypting a document file, means for associating designated printing requirements with the document file, and means for encrypting the document file with the encryption key. It can be configured as having the following.

  Also, the document protection system of the present invention includes a means for obtaining an encryption key for encrypting a document file, a means for associating designated printing requirements with the document file, and a means for encrypting the document file with the encryption key. A distributor terminal equipped with a document protection program comprising: a decryption key for an encrypted document file; means for decrypting the document file based on the acquired decryption key; and And a user terminal in which a document printing program is installed, which includes means for acquiring a printing requirement associated with the document, and means for executing a printing process satisfying the acquired printing requirement.

  In addition, a document protection program including means for obtaining an encryption key for encrypting a document file, means for associating designated printing requirements with the document file, and means for encrypting the document file with the encryption key is implemented. Means for obtaining a decryption key of an encrypted document file, means for decrypting the document file based on the obtained decryption key, and obtaining printing requirements associated with the document file And a user terminal in which a document printing program including means for executing a printing process satisfying the acquired printing requirements is installed.

  According to the present invention, it is possible to provide a document printing program, a document protection program, and a document protection system that prevent leakage of a document due to printout.

[First Embodiment]
First Embodiment A preferred embodiment of the present invention will be described.

  FIG. 1 shows a configuration of a document protection / printing system according to the present embodiment.

  The document protection / printing system according to the present embodiment includes a distributor terminal 101, a user terminal 102, and a printer 103. As the distributor terminal 101 and the user terminal 102, a computer terminal provided with a display device (for example, LCD), an input device (for example, keyboard), an external recording device (for example, FDD, HDD) and the like can be applied. A document protection program 111 is mounted on the distributor terminal 101, and a document print program 121 is mounted on the user terminal 102.

  The document protection program 111 sets printing requirements for the document file according to the input operation of the user of the distributor terminal 101 (hereinafter referred to as a distributor) and uses an encryption algorithm (RC4, Triple DES, IDEA, etc.). Is a program for encrypting a document file and generating a protected document. FIG. 2 shows a configuration example of the document protection program 111, which includes an attribute assigning unit 111a, an encrypting unit 111b, an encryption key acquiring unit 111c, and a parameter acquiring unit 111d. Note that the parameter acquisition unit 111d is an optional element. The function of each unit will be described later in operation.

  Returning to FIG. 1, the document printing program 121 decrypts the protected document according to an input operation of a user of the user terminal 102 (hereinafter, referred to as a user) and performs a printing process according to the set printing requirements on the printer 103. This is a program that performs processing to be executed. FIG. 3 shows a configuration example of the document print program 121, which includes a decryption unit 121a, a decryption key acquisition unit 121b, a parameter acquisition unit 121c, a print requirement acquisition unit 121d, and a print processing unit 121e. Note that the parameter acquisition unit 121c is an optional element. FIG. 4 shows a configuration example of the print processing unit 121e in FIG. 3, and includes a requirement processing unit 121f, a document processing unit 121g, a printer driver 121h, a warning display unit 121i, and a log recording unit 121j. . The function of each unit will be described later in operation.

  Examples of the printing requirements set by the document protection program 111 in the document file in response to the input operation of the distributor include background dot pattern (BDP) and confidential printing (Private Access: PAC). ), Addition of a digital watermark (DWM), addition of a barcode (Embedding Barcode: EBC), security label stamp (SLS), and the like.

  The operation of the document protection / printing system according to the present embodiment will be described. First, the operation of the entire system will be described.

  In FIG. 1, a distributor operates a distributor terminal 101 and mounts a document file thereon. For example, a distributor may create a document file using an input device, or read a document file recorded on an information recording medium using an external recording device.

  When setting security on the document file, the distributor operates the input device of the distributor terminal 101 to transfer the document file to the document protection program 111. The document protection program 111 that has acquired the document file requests the distributor to set a password used for encryption and necessary to access the document file, and security processing (that is, printing requirements) to be enforced at the time of printing. . For example, the document protection program 111 requests setting of a password and printing requirements by displaying a message on the display device of the distributor terminal 101 or the like. FIG. 5 shows an example of a screen for requesting the setting of the password and the printing requirements, in which necessary items can be input and selection can be made from check boxes. Note that the document file to be protected can be specified on the screen in FIG.

  When the distributor inputs a password and printing requirements via the input device of the distributor terminal 101, the document protection program 111 acquires these. Note that the document protection program 111 displays, for example, a screen as shown in FIG. 6 on the display device in order to inquire the storage location of the protected document generated thereafter.

  The document protection program 111 generates a protected document from the document file using the acquired password and the printing requirements.

  The distributor delivers the protected document generated by the document protection program 111 to the user, and notifies the user of a password required to access the document file.

  When a user wants to print a document file, a protected document is mounted on the user terminal 102. For example, the protected document recorded on the information recording medium may be read by the user terminal using an external recording device, or when the user terminal 102 can communicate with the distributor terminal 101 via a communication network. A protected document may be obtained from the distributor terminal 101.

  When the user instructs the document printing program 121 to print via the input device of the user terminal 102, the document printing program 121 requested to print prints the password required to access the document file. Request to. For example, the document printing program 121 requests input of a password by displaying a message on a display device of the user terminal 102 or the like. FIG. 7 shows an example of a screen for requesting a password, accompanied by an explanation that the document file to be printed is protected.

  When the user inputs the password notified from the distributor to the user terminal 102 via the input device, the document print program 121 restores the protected document to a document file using the input password, and sets the set print. The printer 103 is caused to execute a printing process so as to satisfy the requirement. For example, when the above-described BDP is set as a printing requirement in a document file, a copy-forgery-inhibited pattern image is printed together with the contents of the document.

  This makes it possible to enforce the printing requirements set by the distributor when printing a document.

  It should be noted that the user may not be aware of the printing requirements, and some printing requirements cannot be processed without a specific printer. Therefore, it is desirable that the user be provided with information to that effect before printing is performed. . FIG. 8 shows an example of a confirmation screen displayed on the display device of the user terminal 102, in which printing requirements and available printers are displayed, and a printer to be used can be selected. .

  Next, the operation of the document protection program 111 (processing for generating a protected document) and the operation of the document printing program 121 (processing for printing a protected document) will be described in further detail.

  FIG. 9 shows the operation of the document protection program 111.

  First, the document protection program 111 attaches the print requirements set by the distributor using the input device of the distributor terminal 101 to the document file.

  Next, the document file to which the print requirement is attached is encrypted using the password input by the distributor using the input device of the distributor terminal 101 to be a protected document.

  The above operation will be described in more detail with reference to FIG.

  First, the attribute assigning unit 111a of the document protection program 111 assigns a print requirement (req) set by the distributor as an attribute to the document file (doc) delivered from the distributor, and the document to which the print requirement is assigned. The file (doc + req) is passed to the encryption unit 111b.

  On the other hand, the encryption key acquisition unit 111c generates an encryption key (k) based on the password (ku) input by the distributor and the parameter (kp) obtained from the parameter acquisition unit 111d provided as necessary. This is passed to the encryption unit 111b. Note that the parameter (kp) of the parameter acquisition unit 111d is stored in the document protection program 111 or is generated when requested. Here, as an algorithm for generating the encryption key (k), for example, k = H {ku, kp} or k = D {ku, kp} can be used. Note that H {data1, data2,...} Means to calculate a hash value of data1, data2,..., And D {data, key} means to decode data with a key.

  Then, based on the encryption key (k), the encryption unit 111b encrypts the document file (doc + req) to which the printing requirement has been added, and outputs it as a protected document (enc). The expression is enc = E {(doc + req), k}. Here, E {data, key} means that data is encrypted with the key.

  FIG. 10 shows the operation of the document print program 121.

  First, the document printing program 121 decrypts the protected document using the password input by the user using the input device of the user terminal 102, and restores the document to a document file to which the printing requirements are attached. Next, the document printing program 121 sets the printer driver so as to satisfy the printing requirements set in the document file (for example, if the above-described PAC is specified as the printing requirement, the printer driver is set to the confidential printing mode). And print the document. If necessary, a message may be displayed on a display device to request the user to set print parameters.

  If printing that satisfies the printing requirements set in the document file cannot be executed by the printer 103, in other words, if the printer 103 does not have a function that satisfies the set printing requirements, the document printing program 121 The user is notified by displaying a message indicating the fact on the display device of the user terminal 102 or the like, and the process ends without performing printing.

  For example, if PAC is set as the printing requirement, the document printing program 121 requests input of a PIN (Personal Identification Number) before executing printing. In this case, after the printing is executed, the printout of the document is not output from the printer 103 until the same PIN as the one input before the printing is input on the operation panel of the printer 103. Therefore, the printout of the document is not inadvertently left in the printer 103, and the leakage of the document due to the printout can be prevented.

  The above operation will be described in more detail with reference to FIGS.

  First, in FIG. 3, the decryption unit 121a of the document print program 121 applies a parameter (kp) to the protected document (enc) obtained from the parameter acquisition unit 121c provided by the decryption key acquisition unit 121b with a password and as needed. The decryption is performed using the decryption key (k) obtained from. The parameter (kp) of the parameter acquisition unit 121c is stored in the document print program 121 or is generated when requested. Here, as the algorithm for generating the decryption key (k) in the decryption key acquisition unit 121b, k = H {ku, kp} or k = D {ku, kp} can be used, for example, as in the case of encryption. Note that H {data1, data2,...} Means to calculate a hash value of data1, data2,..., And D {data, key} means to decode data with a key.

  Then, the decryption unit 121a decrypts the protected document (enc) using the decryption key (k), obtains a document file (doc + req) to which the print requirement has been added, and transfers the document file to the print processing unit 121e. In addition, if the decoding is expressed by an equation, (doc + req) = D {enc, k}. Here, D {data, key} means that data is decrypted with the key. On the other hand, the printing requirement acquisition unit 121d extracts the printing requirement (req) from the decrypted document file (doc + req) and passes it to the print processing unit 121e.

  Next, in FIG. 4, the requirement processing unit 121f of the print processing unit 121e performs a plurality of processes according to the content of the received printing requirement. That is, for processing that requires processing of the document file itself, such as BDP, EBC, and SLS, processing information is given to the document processing unit 121g to process the document file, and the processed document file is transferred to the printer driver. The print data is provided to the printer 103 and is printed. For processing that requires special settings in the printer driver, such as PAC, print settings are made in the printer driver 121h. Further, when it is necessary to display a warning message to the user, the warning message is passed to the warning display unit 121i, and the display device displays the warning message. If it is necessary to keep a print log, the log information is passed to the log recording unit 121j, and the log data is registered in a remote server or the like.

  In the above description, the parameter acquisition unit 111d and the parameter acquisition unit 121c in FIGS. 2 and 3 are optional. However, if these are omitted, it is known that the protected document can be decrypted only with the password. The user can also decrypt the protected document using the password independently without going through the document printing program 121.

  If the protected document is decrypted without going through the document printing program 121, the document file can be printed without the printing requirements set by the distributor being enforced.

  Therefore, instead of encrypting the document file only with the password, for example, a parameter acquisition unit 111d as shown in FIG. 2 is provided, and the password and the secret key (parameter) embedded in the document protection program 111 are exchanged. It is preferable to encrypt the document file using the combined one (such as one obtained by exclusive OR).

  In this case, the document printing program 121 is also provided with a parameter acquisition unit 121c as shown in FIG. 3, and by embedding the same secret key (parameter), the printing requirement set by the distributor is forced to be applied when printing. Only the printing program 121 can decrypt and print the protected document.

  Furthermore, if the key data is stored as it is inside the program, it may be detected by an attacker, so instead of keeping the key data in the program as it is, calculate and generate it when it is needed. It is desirable to incorporate various algorithms. At that time, use of software tamper-resistant technology (technology to protect the system from unauthorized analysis by an attacker by creating a program so that it is difficult to analyze) so as not to specify the generation algorithm Security can be further improved.

[Second embodiment]
In the first embodiment described above, the document protection / printing system for protecting the document file using the password has been described. In this system, it is determined whether the document file can be printed based on whether or not the password is known. It will be decided.

  However, in practice, "User A may print the document file, but user B does not want to print it. Further, if user C attempts to print the document file, the copy-forgery-inhibited pattern is printed out. Want to set print requirements according to each user. In a second embodiment of the present invention, a document protection / printing system capable of responding to such a request will be described.

  FIG. 11 shows the configuration of the document protection / printing system according to the present embodiment.

  The document protection / printing system according to the present embodiment includes a distributor terminal 201, a user terminal 202, a printer 203, and an access control server 204.

  Similar to the first embodiment, the distributor terminal 201 and the user terminal 202 each include a computer including a display device (for example, LCD), an input device (for example, keyboard), an external recording device (for example, FDD, HDD), and the like. Terminal can be applied. Note that a document protection program 211 is mounted on the distributor terminal 201, and a document printing program 221 is mounted on the user terminal 202.

  The document protection program 211 sets processing requirements in the document file according to the input operation of the user (distributor) of the distributor terminal 201, and uses the encryption algorithm (RC4, Triple DES, IDEA, etc.) to set the document file. Is a program that performs a process of encrypting a document and generating a protected document. FIG. 12 shows an example of the configuration of the document protection program 211, which includes an encryption unit 211a, an encryption key acquisition unit 211b, an attribute assignment unit 211c, and an attribute registration unit 211d. The function of each unit will be described later in operation.

  Returning to FIG. 11, the document print program 221 decrypts the protected document according to the input operation of the user (user) of the user terminal 202 and performs a print process according to the print requirement set as a part of the process requirement. This is a program for performing processing to be executed by the printer 203. FIG. 13 shows a configuration example of the document print program 221, and includes a decryption unit 221a, a decryption key acquisition unit 221b, a print requirement acquisition unit 221c, and a print processing unit 221d. FIG. 14 shows a configuration example of the print processing unit 221d in FIG. 13, and includes a requirement processing unit 221e, a document processing unit 221f, a printer driver 221g, a warning display unit 221h, and a log recording unit 221i. . The function of each unit will be described later in operation.

  Referring back to FIG. 11, the access control server 204 refers to an access control list (ACL) in response to a request from the document printing program 221 when a user attempts to access (for example, print) a document. Is a server for acquiring whether or not the user has the right to access the document and how the processing requirements are set.

  The access control server 204 includes a user database 241 storing authentication information (a set of a user name and a password) for each user, and processing requirements set for each user (particularly, printing processing requirements). An ACL database 242 in which an ACL including print requirements is registered is connected.

  FIG. 15 shows an example of the configuration of the access control server 204, which includes an attribute DB registration unit 204a, a user authentication unit 204b, an access authority confirmation unit 204c, and a print requirement acquisition and transmission unit 204d. The function of each unit will be described later in operation.

  FIG. 16 shows an example of the structure of the ACL. The ACL includes a user name (User Name), an access type (Access Type), permission information (Permission), and a processing requirement (Requirement) as parameters. Then, as shown in FIG. 17, the ACL is recorded and held in the ACL database 242 as one record in association with a document ID (Document ID) and an encryption key (Key) described later.

  The operation of the document protection / printing system according to the present embodiment will be described. First, the operation of the entire system will be described.

  In FIG. 11, a distributor operates a distributor terminal 201 and mounts a document file on the terminal 201. For example, a distributor may create a document file using an input device, or read a document file recorded on an information recording medium using an external recording device.

  When setting security for the document file, the distributor operates the input device of the distributor terminal 201 to transfer the document file to the document protection program 211. The document protection program 211 that has acquired the document file requests the distributor to set the ACL. For example, the document protection program 211 requests ACL setting by displaying a message on the display device of the distributor terminal 201 or the like. FIG. 18 shows an example of a screen for requesting ACL setting, in which a user name, access permission, and printing requirements can be set. That is, a group or a user who becomes an entry of the ACL is added, and an access right to be assigned to the group or the user is specified. At this time, printing requirements can be specified as necessary, selection (checking) is performed from those that can be set as printing requirements, and further information that requires supplementary information is input. In the figure, “CONFIDENTIAL” is designated as the character string of the watermark. Then, by pressing the encryption button, the setting contents are captured. In this screen, a document file to be protected can be specified.

  When the distributor sets the ACL via the input device of the distributor terminal 201, the document protection program 211 acquires this.

  The document protection program 211 that has obtained the ACL generates a unique document ID (Document ID) and an encryption key (Key) used for encryption and decryption for each document file, associates the ACL with these, and associates the ACL with the access control server 204. And requests registration in the ACL database 242.

  The document protection program 211 generates a protected document by adding a document ID to a document file encrypted using an encryption key.

  The distributor delivers the protected document generated by the document protection program 211 to the user.

  When a user wants to print a document, the user installs the protected document on the user terminal 202. For example, the protected document recorded on the information recording medium may be read by the user terminal 202 by using an external recording device, or when the user terminal 202 can communicate with the distributor terminal 201, the communication is performed via a communication network. Alternatively, a protected document may be obtained from the distributor terminal 201.

  When the user instructs the document printing program 221 to perform printing via the input device of the user terminal 202, the document printing program 221 requested to perform printing inputs a user name and a password necessary for authenticating the user. To the user. For example, the document print program 221 requests input of a user name and a password by displaying a message on a display device of the user terminal 202 or the like. FIG. 19 shows an example of a screen for requesting a user name (user ID) and a password, which can be input using a keyboard or the like.

  The document print program 221 sends the user name and password input by the user to the access control server 204, and requests user authentication.

  The access control server 204 performs user authentication using the user name and the password passed from the document print program 221 to specify the user.

  When the user is specified, the access control server 204 refers to the ACL database 242 to determine whether the user has the authority to print the document file, and what printing requirements the user has when printing the document file. Gets whether it has been set.

  If the user has the authority to print the document file, the access control server 204 specifies the encryption key for decrypting the protected document and the printing requirements when the user prints the document file, together with the authentication information indicating that. The document printing program 221 is notified via the terminal 202.

  The document print program 221 that has obtained the encryption key and the printing requirements together with the authentication information from the access control server 204 decrypts the protected document using the encryption key and restores the document file.

  Then, the document print program 221 causes the printer 203 to execute print processing so as to satisfy the print requirements. For example, when the above-described BDP is set as a printing requirement in a document file, a copy-forgery-inhibited pattern image is printed together with the contents of the document.

  Thus, when printing a document file, it is possible to enforce the printing requirements set by the distributor for each user.

  Here, the operations of the document protection program 211 and the access control server 204 when the document is protected, and the operations of the document print program 221 and the access control server 204 when the protected document is restored to a document file and printed are described in further detail. I do.

  FIG. 20 shows an operation when the document protection program 211 generates a protected document. When the document protection program 211 obtains the document file and the ACL by the input operation of the distributor on the input device of the distributor terminal 201, it generates an encryption key for encrypting and decrypting the document file. Then, the document protection program 211 encrypts the document file using the generated encryption key to generate an encrypted document.

  Further, the document protection program 211 generates a protected document by attaching a unique document ID to each encrypted document for each document file.

  After generating the protected document, the document protection program 211 transmits the encryption key, the ACL, and the document ID to the access control server 204 using the communication function of the distributor terminal 201, and requests the access control server 204 to register these. I do.

  The access control server 204 that has received the encryption key, the ACL, and the document ID from the document protection program 211 records and holds them as one record in the ACL database 242 in association with each other, as shown in FIG.

  The above operation will be described in more detail with reference to FIGS.

  First, in FIG. 12, the encryption unit 211a of the document protection program 211 encrypts the document file delivered from the distributor using the encryption key generated by the encryption key acquisition unit 211b. Is passed to the attribute assignment unit 211c.

  The attribute assignment unit 211c generates a document ID, assigns a document ID to the encrypted document passed from the encryption unit 211a, and outputs the document as a protected document.

  The attribute registration unit 211d receives the ACL from the distributor, receives the encryption key from the encryption key acquisition unit 211b, and receives the document ID from the attribute assignment unit 211c, and sends the document ID and the encryption key to the access control server 204. , Passing the ACL to request registration.

  Next, in FIG. 15, the attribute DB registration unit 204a of the access control server 204 registers the passed document ID, encryption key, and ACL in the ACL database 242.

  In the above example, the case where the document protection program 211 generates the document ID and the encryption key is shown, but these processes may be performed by the access control server 204 or a server (not shown).

  Further, if the distributor terminal 201 and the access control server 204 are connected via a network instead of a dedicated line, and there is a risk of eavesdropping when transmitting an encryption key or the like, an SSL (Secure Socket) Layer).

  Any protocol may be used when the document protection program 211 communicates with the access control server 204. For example, a distributed object environment may be introduced to transmit and receive information based on Java (R) Remote Method Invocation (RMI) or Simple Object Access Protocol (SOAP). In this case, the access control server 204 may implement a method such as “register (String docId, byte [] key, byte [] acl)”. If the SOAP is used, the SOAP protocol is exchanged over HTTPS, and if the RMI is used, the RMI is executed using an SSL-based SocketFactory, thereby ensuring security on the network.

  Next, an operation when the document print program 221 prints a protected document will be described.

  FIG. 21 shows an operation flow of the document print program 221 and the access control server 204 when printing a protected document.

  When the document print program 221 obtains the protected document, the user name, and the password by the user's input operation on the input device of the user terminal 202, it obtains the document ID attached to the protected document.

  Then, a user name, a password, a document ID, and an access type (information indicating a process requested by the user. In this case, since a protected document is to be printed, “print” is transmitted) are transmitted to the access control server 204. Request for access right. FIG. 22 is a diagram showing an example of an inquiry by SOAP to the access control server 204, in which a user name (userId), a document ID (docId), and an access type (accessType) are passed to determine whether access is permitted. In this example, an inquiry SOAP message (isAllowed) is transmitted, and the result (isAllowedResponse) is received. The results include what is allowed (allowed is true) and the requirements (requirements).

  When acquiring the user name, the password, the document ID, and the access type from the document print program 221, the access control server 204 refers to the information registered in the user database 241 and performs user authentication.

  In other words, the access control server 204 refers to the information registered in the user database 241 and combines the user name and password included in the information acquired from the document print program 221 into the user database 241. It is determined whether or not it is registered as.

  If the user authentication fails (in other words, if a set of the user name and the password included in the information passed from the document print program 221 is not registered in the user database 241), the access control server 204 Then, the permission information (information indicating whether or not the processing requested by the user is permitted) is transmitted to the user terminal 202 as “non-permission” and passed to the document print program 221. In this case, the permission information indicating "error" may be transferred to the document printing program 221.

  On the other hand, when the user authentication is successful, the access control server 204 reads a record related to the document ID included in the information acquired from the document print program 221 from among the records stored in the ACL database 242.

  The access control server 204 acquires the ACL included in the read record, and acquires permission information and printing requirements from the ACL based on the user name and the access type acquired from the document printing program 221.

  In other words, the access control server 204 acquires the permission information and the printing requirement set in the ACL in advance based on the user name and the access type.

  If the permission information acquired from the ACL is “permitted”, the access control server 204 transmits the encryption key and the printing requirement stored in the record together with the permission information to the user terminal 202 and passes it to the document printing program 221. .

  On the other hand, when the permission information acquired from the ACL is “non-permission”, the access control server 204 transmits only the permission information to the user terminal 202 and passes it to the document print program 221.

  The document print program 221 that has received the permission information from the access control server 204 refers to the obtained permission information. If the permission information is “non-permission”, a message is displayed on the display device of the user terminal 202 or the like. Then, the user is notified that the requested processing cannot be executed.

  On the other hand, if the acquired permission information is “permitted”, the encrypted document portion of the protected document is decrypted using the encryption key passed along with the permission information and restored to a document file.

  Further, the document print program 221 sets the printer driver so as to satisfy the print requirement acquired together with the permission information (for example, sets confidential print mode if PAC is specified), and causes the printer 203 to perform document print processing. Is executed.

  If necessary, a message may be displayed on the display device of the user terminal 202 to request the user to set print parameters.

  If printing that satisfies the printing requirements obtained from the access control server 204 cannot be performed by the printer 203, in other words, if the printer 203 does not have a function that satisfies the printing requirements set in the ACL, this is indicated. The user is notified, for example, by displaying a message on the display device, and the process ends without performing printing.

  The above operation will be described in more detail with reference to FIGS.

  First, in FIG. 13, the decryption key acquisition unit 221b of the document print program 221 confirms the access right to the access control server 204.

  In the access control server 204 that has received the confirmation inquiry, the user authentication unit 204b performs user authentication with reference to the user database 241 and notifies the document print program 221 of the authentication result in FIG. If the user authentication is successful, the access right confirmation unit 204c acquires the permission information and the decryption key with reference to the ACL database 242, and the print requirement acquisition and transmission unit 204d acquires the print requirements. Notice. In FIG. 15, the authentication result is returned once and the authentication result is passed again. However, this may be executed at once. Although the permission information, the decryption key, and the printing requirement are returned separately, these may be returned at once.

  In FIG. 13, when the access right can be confirmed, the decryption key obtaining unit 221b obtains a decryption key from the access control server 204 and passes it to the decryption unit 221a. Further, the printing requirement acquisition unit 221c acquires the printing requirement from the access control server 204 and passes it to the print processing unit 221d.

  The decryption unit 221a decrypts the protected document using the decryption key acquired from the decryption key acquisition unit 221b, obtains a document file, and transfers the document file to the print processing unit 221d.

  Next, in FIG. 14, the requirement processing unit 221e of the print processing unit 221d performs a plurality of processes according to the content of the received printing requirement. That is, for processing that requires processing of the document file itself, such as the above-described BDP, EBC, and SLS, processing information is given to the document processing unit 221f to process the document file, and the processed document file is transferred to the printer driver. The print data is given to the printer 203 and printing is performed. For processing that requires special settings in the printer driver, such as PAC, print settings are made in the printer driver 221g. Further, when it is necessary to display a warning message to the user, the warning message is passed to the warning display unit 221h, and the display device displays the warning message. If it is necessary to keep a print log, the log information is passed to the log recording unit 221i, and the log data is registered in a remote server or the like.

  Through the above operations, it is possible to set different access rights and printing requirements for each user. Further, as described above, in the system configuration in which the server side determines the access right to the document file, the contents of the ACL registered in the ACL database 242 can be changed by an input operation on the distributor terminal 201 or the access control server 204. In this case, it is possible to change the printing requirements after distributing the protected document.

  For example, it is possible to set the access right to the already distributed protected document to a new user, or to add a printing requirement to a specific user.

  Anyone who knows that the document protection / printing system according to the present embodiment protects a document file by the above-described method can cause a computer terminal to execute a program impersonating the document printing program 221. It is also possible to illegally obtain the encryption key and decrypt the protected document. In this case, the protected document can be printed without being forced by the printing requirements set as the ACL.

  For this reason, the document file is not simply encrypted using only the encryption key, but a combination of the secret key and the encryption key embedded in the document protection program 211 (exclusive OR). It is preferable to encrypt the document file with. In this case, by embedding the same secret key in the document print program 221, only the document print program 221 that enforces the print requirements set by the distributor at the time of printing can decrypt and print the protected document. It becomes possible.

  FIGS. 23 and 24 show a configuration example of a type in which a secret key is embedded in the inside as described above. FIG. 23 shows a configuration example of the document protection program 211, and FIG. Only the part related to decoding in the configuration example is shown. In this example, not only the secret key is simply embedded inside, but also a random number is introduced to further strengthen unauthorized access.

  In FIG. 23, the document protection program 211 includes an encryption unit 211a, an encryption key acquisition unit 211b, an attribute assignment unit 211c, an attribute registration unit 211d, and a parameter acquisition unit 211e.

  In operation, the parameter acquisition unit 211e generates a parameter (kp) and passes it to the encryption key acquisition unit 211b. The parameter (kp) is stored in the document protection program 211 or is generated when requested.

  After receiving the parameter (kp) from the parameter obtaining unit 211e, the encryption key obtaining unit 211b generates two random numbers (kd) and (ks), and calculates the encryption key (k) by the equation k = H {ks, kp, kd } Or k = D {kd, D {ks, kp}}, generate the encryption key (k) to the encryption unit 211a, the random number (kd) to the attribute assignment unit 211c, and the random number (ks) to the The information is passed to the attribute registration unit 211d. Note that H {data1, data2,...} Means to calculate a hash value of data1, data2,..., And D {data, key} means to decode data with a key.

  The encryption unit 211a encrypts the document file (doc) delivered from the distributor using the encryption key (k) acquired from the encryption key acquisition unit 211b, and assigns the encrypted document (enc) to the attribute. The information is passed to the assigning unit 211c. The expression is enc = E {doc, k}. E {data, key} means that data is encrypted with the key.

  Next, the attribute assigning unit 211c generates a document ID (id) and assigns the document ID (id) and the random number (kd) passed from the encryption key acquiring unit 211b to the encrypted document (enc) for protection. Output document (enc + id + kd). The attribute assigning unit 211c passes the generated document ID (id) to the attribute registering unit 211d.

  The attribute registration unit 211d sends the document ID (id) passed from the attribute assignment unit 211c, the random number (ks) passed from the encryption key acquisition unit 211b, and the ACL (attr) acquired from the distributor to the access control server 204. Notify and request registration.

  In the decryption, in FIG. 24, the decryption key obtaining unit 221b obtains a random number (kd) from the protected document, and holds the random number (kd) from the parameter obtaining unit 221j inside the document print program 221 or upon request. The generated parameter (kp) is obtained, a random number (ks) is further obtained from the access control server 204, and the expression k = H {ks, kp, kd} or k = D {kd, D as in the case of encryption. Calculate with {ks, kp}} to obtain a decryption key (encryption key) (k).

  Then, the decryption unit 221a decrypts the encrypted document (enc) with the decryption key (k) to obtain a document file (doc).

  23 and 24 are based on the random number (ks) registered in the access control server 204, the random number (kd) in the protected document, and the parameter (kp) obtained from the document protection program 211 or the document print program 221. This is a method for generating an encryption key (decryption key) (k) in this case, but this is a case where the access control server 204 is illegally accessed by a malicious user and a random number (ks) is known. Also, if the random number (kd) and the parameter (kp) are not known, the protected document cannot be decrypted. In an environment where the access control server 204 is sufficiently guarded to prevent unauthorized access, the random number (ks) may be used as it is as the encryption key (decryption key) (k).

  On the other hand, in the second embodiment described so far, the printing requirement is stored only in the access control server 204, but is not limited to such a format, and may be included in a protected document. For example, print requirements that are always specified for a document file regardless of the user may be included in the protected document.

  FIG. 25 shows a configuration example of the document print program 221 when the print requirements are divided into a first print requirement to be included in the protected document and a second print requirement stored in the access control server 204. The requirement acquisition unit 221c acquires the second printing requirement from the access control server 204, the decryption unit 221a acquires the first printing requirement from the protected document, and the print processing unit 221d based on the first printing requirement and the second printing requirement. Print processing. Others are the same as the document print program 221 shown in FIG.

  In the present embodiment, the document print program 221 performs only processing related to printing of a document file. However, the document print program 221 has a function of presenting the contents of a document file to a user and editing the document file. May be provided. For example, it is possible to realize a function of displaying, editing, and printing a portable document file (Portable Document Format: PDF File) as a plug-in of Adobe Acrobat (R).

  FIG. 26 shows a part of the security functions of the printer applied in the above embodiments. These will be specifically described using the system configuration in the second embodiment as an example.

  First, the operation of the document print program 221 when PAC is set as the print requirement will be described. FIG. 27 shows the operation of the document print program 221 when the PAC is set.

  (1) When printing a document file in which a PAC is set, the document print program 221 displays a print dialog and then inputs a personal identification number (PIN) as shown in FIG. A dialog is displayed on the display device of the user terminal 202, and the user is requested to input a PIN.

  (2) When the user inputs a PIN using the input device of the user terminal 202, the document print program 221 sets this in the printer driver and instructs printing.

  The printer driver generates print data (PDL data) described in PDL (Page Description Language) such as Postscript from a document, and converts PJL (Print Job Language) data describing print job information such as the number of copies and an output tray. It is added to the head of PDL data. The printer driver further adds a PIN as a part of the PJL data, and sends the PDL data with the PJL data to the printer 203.

  Upon receiving the PDL data with PJL data, the printer 203 refers to the contents of the PJL data. Save the attached PDL data. When the user inputs the PIN via the operation panel of the printer 203, the printer 203 checks the input PIN against the PIN included in the PJL data, and if they match, the print job conditions (number of copies, tray) included in the PJL data Printout in accordance with PDL data.

  (3) If the PIN cannot be set in the printer driver, that is, if the printer 203 does not support confidential printing, the user is notified to select another printer that supports confidential printing, and the document is printed. The processing ends without performing.

  In this way, after the printing is executed, the printout of the document is not output from the printer 203 until the same PIN input on the operation panel of the printer 203 before the printing is input. Therefore, the printout of the document is not inadvertently left in the printer 203, and the leakage of the document due to the printout can be prevented. Further, communication with the printer 203 may be protected by SSL so that print data flowing on the network is not eavesdropped.

  Further, the document print program 221 may be linked with the user management of the Windows (R) Domain so that the user is not required to input a PIN. For example, instead of prompting the user to enter a PIN, the user ID of the currently logged-on user is acquired from the Windows (R) Domain, and the user ID is sent to the printer 203 together with the print data. The printer 203 may receive a password input from the user on the operation panel, perform user authentication with the user ID and the password using the user authentication mechanism of Windows (R) Domain, and print out if successful. . The present invention is not limited to the Windows (R) Domain, and by linking it with user management that has been introduced in advance, it is possible to reduce troublesome PIN input for the user.

  Next, the operation of the document print program 221 when EBC is set as the print requirement will be described.

  (1) The document print program 221 generates data of barcode image data (or a two-dimensional code) indicating a document ID when printing a document in which EBC is set.

  (2) The document print program 221 sets the generated barcode image data as a stamp image in the printer driver, and instructs the printer 203 to print.

  (3) If EBC cannot be set in the printer driver, that is, if the printer 203 does not support the stamp function, the user is notified to select another printer that supports the stamp function, and printing is not performed. The process ends.

  By doing so, a barcode is printed on each page of the document printout, and only a copier, fax machine, or scanner that can identify this barcode decodes the barcode to obtain the document ID. Based on the document ID, it is possible to determine whether the access control server 204 permits a hard copy, image reading, fax transmission, or the like. As a result, security can be ensured consistently up to the paper document.

  Next, the operation of the document print program 221 when BDP is set as the print requirement will be described.

  (1) When printing a document for which BDP is set, the document print program 221 obtains, as a character string, the user name requesting the print and the print date and time (for example, Ichiro, August 04, 2002). 23:47:10).

  (2) The document print program 221 generates a copy-forgery-inhibited pattern image so that the generated character string rises when a document printout is copied by a copying machine.

  (3) The document print program 221 sets the generated copy-forgery-inhibited pattern image as a stamp in the printer driver, and instructs the printer 203 to print the document.

  (4) If BDP cannot be set in the printer driver, that is, if the printer 203 does not support copy-forgery-inhibited pattern printing, the user is notified to select another printer that supports copy-forgery-inhibited pattern printing, and printing is performed. The processing ends without executing.

  In this way, each page of the document printout is printed as a copy-forgery-inhibited pattern image with the name of the user who executed the print process and the date and time, and the character string is printed when the printout is processed by a copier, scanner, or fax. It will emerge. This is effective when a copying machine that does not support EBC is used, and has a deterrent effect on information leakage caused by copying a printout of a document.

  Next, the operation of the document printing program 221 when SLS is set as the printing requirement will be described.

  (1) When printing a document file in which the SLS is set, the document print program 221 selects an image prepared in advance according to the confidential level of the document (in the case of Top Secret, a mark of “secret”). Etc.).

  (2) The data of the selected image is set as a stamp in the printer driver, and the printer 203 is instructed to print.

  (3) If SLS cannot be set in the printer driver, that is, if the printer 203 does not support SLS, the user is notified to select another printer that supports label stamps, and printing is performed. The processing ends without executing.

  By doing so, “top secret” or “secret” is automatically printed as a stamp on the printout of the document file, so that it is clear that the document is a confidential document. That is, it is possible to call attention to the management of the person who has the printout.

  The above examples are only examples of printing requirements. For example, print a digital watermark to prevent tampering, or print a protected document on special paper. Limited to a tray).

  In addition, the printing requirements may include those that restrict or prohibit the function, those that force the use of the function, and those that specify ordinary printing conditions. As an example of restricting / prohibiting the function, in order to distinguish from the original confidential document, only a special user is permitted to print in color, and the other users are restricted to print only in gray scale. Printing requirements. Examples of forcibly using the function include printing requirements for forcing the use of confidential printing mode, printing requirements for forcing a log, and the name of the user who printed on the printing paper. There are a printing requirement for printing, a printing requirement for forcibly printing a watermark, a printing requirement for forcibly printing a copy-forgery-inhibited pattern, and the like. Examples of specifying normal printing conditions include a printing requirement for specifying A4 as a paper setting, a printing requirement for using a recycled paper tray, and a printing requirement for specifying double-sided printing.

  Further, the description has been made using keywords such as RAD and PAC as the expression format of the printing requirement. However, even if the keyword is not such a keyword, for example, the data itself of the setting file to be set in the printer driver or inserted into the print data. The printing requirements may be defined using data such as data described in a page description language, a character string to be displayed on the screen itself, and contents of requirements to be processed, using data such as data described in a script language. That is, the expression of the printing requirement is not limited to a keyword.

  As described above, by using various security functions supported by the printer 203 to set printing requirements in accordance with the security policy, the security functions of the printer 203 can be used without wasting and consistent security up to printout can be achieved. Can be secured. This is the same in the system configurations of the other embodiments.

  On the other hand, in the above description, the protection target is described as the whole document. However, a portion to be protected (called a segment) and a portion not to be protected may be mixed in the document. . For example, as shown in FIG. 29, a plurality of protected segments may exist in a plurality of protected documents. In this case, if a different segment ID is assigned to each protected segment and the document ID in the above description is read as a segment ID, access control including printing for each protected segment can be controlled based on the same principle. In practice, the beginning and end of the protected segment must be marked with a marker that indicates that the protected segment starts there and that the protected segment ends there. For the method of inserting such a marker, a conventional technique such as a MIME multi-part separator can be used.

  Further, although the description has been given based on the embodiment in which the document protection program is arranged on the distributor terminal, the document protection program body may be arranged on the remote server. For example, the relationship between the distributor terminal 201, the document protection program 211, and the access control server 204 in FIG. 11 can be modified as shown in FIG. By arranging in this way, a protected document can be obtained by sending a document and necessary parameters to a remote server even from a terminal on which the document protection program is not installed.

  The embodiments described above are examples of preferred embodiments of the present invention, and the present invention is not limited to these embodiments.

  For example, in each of the above embodiments, the case where the distributor terminal and the user terminal are separate devices has been described as an example, but they may be configured to share the same device.

  Further, in each of the above embodiments, the case where the user directly operates the user terminal on which the document print program is installed has been described as an example, but the present invention is not limited to this. For example, a configuration in which a document printing program is installed in a server and a user operates a user terminal to execute the document printing program via a network may be adopted.

  The method of user authentication is not limited to a method using a user name and a password, and a PKI-based authentication method using a smart card may be applied.

  As described above, the present invention can be variously modified.

  Further, in the above description, the term "printer" is used, but this is not limited to a printer dedicated to printers in a narrow sense, but also includes copying, facsimile, a composite / integrated device thereof, that is, all devices having a printing function. It means equipment.

FIG. 1 is a diagram illustrating a configuration of a document protection / printing system according to a first embodiment of the present invention; FIG. 4 is a diagram illustrating a configuration example of a document protection program. FIG. 3 is a diagram illustrating a configuration example of a document printing program. FIG. 3 illustrates a configuration example of a print processing unit. FIG. 7 is a diagram illustrating an example of a screen for requesting setting of a password and printing requirements. FIG. 14 is a diagram illustrating an example of a screen for inquiring a storage location of a protected document. It is a figure showing the example of the screen which requests a password. It is a figure showing the example of the confirmation screen displayed on the display of a user terminal. FIG. 5 is a diagram illustrating an operation of the document protection program according to the first embodiment. FIG. 4 is a diagram illustrating an operation of a document printing program according to the first embodiment. FIG. 2 is a diagram illustrating a configuration of a document protection / printing system according to a second embodiment in which the present invention is suitably implemented. FIG. 4 is a diagram illustrating a configuration example of a document protection program. FIG. 3 is a diagram illustrating a configuration example of a document printing program. FIG. 3 illustrates a configuration example of a print processing unit. FIG. 3 is a diagram illustrating a configuration example of an access control server. FIG. 3 is a diagram illustrating a configuration example of an ACL. FIG. 4 is a diagram illustrating a structure example of information recorded in an ACL database. FIG. 9 is a diagram illustrating an example of a screen requesting ACL setting. FIG. 7 is a diagram illustrating an example of a screen requesting a user name (user ID) and a password. FIG. 11 is a diagram illustrating an operation of the document protection program according to the second embodiment. FIG. 13 is a diagram illustrating a flow of operations of a document print program and an access control server according to a second embodiment. FIG. 7 is a diagram illustrating an example of an inquiry to the access control server by SOAP. FIG. 4 is a diagram illustrating a configuration example of a document protection program. It is a figure showing a situation of decoding. FIG. 3 is a diagram illustrating a configuration example of a document printing program. FIG. 3 is a diagram illustrating an example of a security function of the printer. FIG. 9 is a diagram illustrating processing when printing a document in which a PAC is set. It is a figure showing a dialog of PIN input. FIG. 11 is a diagram illustrating processing when a document is protected by being divided into a plurality of segments. FIG. 11 is a diagram illustrating a state where a document protection program is arranged on a remote server.

Explanation of reference numerals

101 Distributor terminal 102 User terminal 103 Printer 111 Document protection program 121 Document printing program 111a Attribute assignment unit 111b Encryption unit 111c Encryption key acquisition unit 111d Parameter acquisition unit 121a Decryption unit 121b Decryption key acquisition unit 121c Parameter acquisition unit 121d Acquisition of printing requirements Unit 121e print processing unit 121f requirement processing unit 121g document processing unit 121h printer driver 121i warning display unit 121j log recording unit 201 distributor terminal 202 user terminal 203 printer 204 access control server 211 document protection program 221 document printing program 241 user database 242 ACL Database 211a Encryption unit 211b Encryption key acquisition unit 211c Addition unit 211d Attribute registration unit 211e Parameter acquisition unit 221a Decryption unit 221b Decryption key acquisition unit 221c Printing requirement acquisition unit 221d Print processing unit 221e Requirements processing unit 221f Document processing unit 221g Printer driver 221h Warning display unit 221i Log recording unit 221j Parameter acquisition unit 204a Attribute DB registration unit 204b User authentication unit 204c Access authority confirmation unit 204d Printing requirement acquisition and transmission unit

Claims (22)

Means for obtaining printing requirements associated with the document file;
Means for forcibly executing the printing requirements when printing the document file.   2. The document printing program according to claim 1, wherein when the encrypted document file is decrypted, the printing requirement is enforced by executing a printing process with the printing requirement. Means for obtaining a decryption key of the encrypted document file;
Means for decrypting the document file based on the obtained decryption key;
Means for obtaining the printing requirements associated with the document file;
3. The document printing program according to claim 2, further comprising: means for executing a printing process that satisfies the acquired printing requirements.   The document printing program according to claim 3, wherein the printing requirement is acquired from the decrypted document file.   5. The document printing program according to claim 4, wherein a decryption key is generated by inputting a password corresponding to an encryption key obtained by encrypting the document file.   6. The document printing program according to claim 5, wherein parameters stored or generated internally are used for generating the decryption key.   4. The document printing program according to claim 3, wherein the printing requirement associated with the document file is obtained from a server via a network. Means for authenticating the user to the server;
8. The document printing program according to claim 7, further comprising: means for acquiring a printing requirement of the authenticated user from an ACL including a printing requirement for each user registered in the server in association with the document file.   9. The document printing program according to claim 8, wherein a parameter corresponding to an encryption key for encrypting the document file is obtained from a server via a network, and a decryption key is derived from the parameter.   The document printing program according to claim 9, wherein a parameter stored or generated internally is used for generating the decryption key.   The document printing program according to claim 9, wherein a parameter included in the document file is used for generating the decryption key. Means for obtaining an encryption key for encrypting the document file;
Means for associating the specified printing requirements with the document file;
Means for encrypting the document file with the encryption key.   13. The document protection program according to claim 12, wherein the document file is associated with the print requirement by encrypting the document file after giving the print requirement.   14. The document protection program according to claim 13, wherein an encryption key is generated based on the input password.   15. The document protection program according to claim 14, wherein a parameter stored or generated internally is used for generating the encryption key.   The document protection program according to claim 12, wherein the printing requirement associated with the document file is registered in a server via a network.   17. The document protection program according to claim 16, wherein the printing requirement is registered as a part of an ACL associated with the document file.   18. The document protection program according to claim 17, wherein an encryption key used for encryption is registered in the server.   19. The document protection program according to claim 18, wherein parameters used for deriving an encryption key used for encryption are registered in the server.   The document protection program according to claim 18, wherein a parameter used for deriving an encryption key used for encryption is added to a part of the document file. A document protection program including means for acquiring an encryption key for encrypting a document file, means for associating specified printing requirements with the document file, and means for encrypting the document file with the encryption key has been implemented. Distributor terminal,
Means for obtaining a decryption key for the encrypted document file; means for decrypting the document file based on the obtained decryption key; means for obtaining printing requirements associated with the document file; A document protection system, comprising: a user terminal on which a document printing program, which is means for executing a printing process that satisfies the printing requirement, is installed. A document protection program including means for obtaining an encryption key for encrypting a document file, means for associating specified printing requirements with the document file, and means for encrypting the document file with the encryption key has been implemented. Server and
Means for obtaining a decryption key for the encrypted document file, means for decrypting the document file based on the obtained decryption key, means for obtaining printing requirements associated with the document file, A document protection system, comprising: a user terminal on which a document printing program, which is means for executing a printing process that satisfies the printing requirement, is installed.

Images