JP2006252231A - Output management device, output management method and its program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an output management system for managing the output of document data including confidential information or the like. <P>SOLUTION: This output management system 1 decides whether or not any keyword is included in document data whose output has been requested, and decides whether or not a user who has made an output request has an output authority for the keyword, and controls the output of the document data whose output has been requested according to the decision result of whether or not the user has the output authority. Thus, it is possible to prevent the leakage of confidential information by limiting the output destination of document data including the confidential information and the user who outputs the document data. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to an output management apparatus that manages output of document data.

For example, Patent Document 1 discloses an image processing apparatus that detects information related to copyright from data to be printed and adds information indicating copy prohibition or information indicating copy permission to printed matter in accordance with the information related to copyright. Disclose.
JP 2000-196786 A

  The present invention has been made based on the above-described background, and an object thereof is to provide an output management apparatus that manages the output of document data including confidential information.

[Output management device]
In order to achieve the above object, an output management apparatus according to the present invention is an output management apparatus that manages output of document data, and whether or not predetermined feature information is included in the document data requested to be output. Feature information determination means for determining whether or not, a user determination means for determining whether or not the user who requested the output has an output authority for the feature information, and the determination results of the feature information determination means and the user determination means And an output control means for controlling the output of the document data requested to be output.

  Preferably, the information processing apparatus further includes a feature information storage unit that stores the feature information related to the document data in association with the output destination specifying information that specifies the output location where the output of the document data is permitted or prohibited.

  Preferably, there is further provided user authentication information storage means for storing user authentication information for authenticating a user having an output authority permitted to output document data.

  Preferably, the output control means outputs the document data when the user determination means determines that the user who requested the output is a user having an output authority having the user authentication information.

  Preferably, the user determination unit determines whether or not the authentication information input by the user who has requested the output matches the user authentication information stored in the user authentication information storage unit.

  Preferably, the output of the document data is image formation with respect to a recording medium, the feature information is an image element formed on the recording medium based on the document data, and the feature information determination unit has an output request. It is determined whether or not the image data stored in the feature information storage means is included in the made document data.

  Preferably, the image element is a character string, and further includes character identification means for identifying a character string included in the document based on document data for which an output request has been made, and the feature information determination means includes the character information It is determined whether the character string identified by the identifying means matches any of the character strings stored by the feature information storage means.

  Preferably, the feature information storage means stores the feature information in association with any of a plurality of security levels, stores each of these security levels in association with the output destination definition information, and outputs the output restriction. The means limits the output of the document data requested to be output according to the confidentiality level corresponding to the feature information of the document data requested to be output.

  Preferably, management information generating means is further provided for generating management information in accordance with the feature information of the document data requested to be output, and adding the generated management information to the document data for output.

  Preferably, the user authentication information includes at least one of login data given to a user having output authority and password data given to a user having output authority.

  Preferably, the user authentication information includes at least one of an ID card given to a user having output authority, an IC card given to a user having output authority, and a memory card given to a user having output authority. It consists of data stored in one.

  Preferably, the user authentication information includes physical characteristic data of a user having an output authority.

  Preferably, the user authentication information includes at least one of fingerprint pattern data of a user having output authority or fundus capillary pattern data of a user having output authority.

[Output management method]
The output management method according to the present invention is an output management apparatus that manages the output of document data, and whether or not a predetermined feature is included in the document data requested to be output by the feature determination means. The user determination unit determines whether the user who requested the output has an output authority for the feature information, and outputs the document data requested to be output according to the determination result of the user determination unit. To control.

[program]
The program according to the present invention determines whether or not the document data requested to be output includes a predetermined feature in the output management apparatus that manages the output of the document data. A step of determining whether the user who has requested the output has an output authority for the feature information by the user determining means, and an output request is made by the output control means in accordance with the determination result of the user determining means. Controlling the output of the document data to be executed by the output management apparatus.

  According to the output management apparatus of the present invention, it is possible to restrict the output of document data.

[First Embodiment]
First, an outline of the output management system 1 in the first embodiment will be described.
FIG. 1 is a diagram illustrating the configuration of a first output management system 1 to which an output management method according to the present invention is applied.
As illustrated in FIG. 1, the output management system 1 includes an image processing device 2 and a plurality of printer devices 3. The output management system 1 manages the output of document data including confidential information. Here, the document data is image data that can be formed on a recording medium. For example, image data generated by the image processing apparatus 2, image data generated by a scanner or digital camera, and received by facsimile. Image data and the like.

The image processing apparatus 2 is a general-purpose computer operated by a user, and is connected to the printer apparatus 3 via a network 4 such as a LAN.
The printer device 3 prints document data on a sheet (recording medium) in response to a request from the image processing device 2. In this example, the first printer device 3A is installed in a security room. Here, the security room is a space where handling of a document with the highest confidential level is allowed. The second printer device 3B is installed in the management target. The management target is a space having a lower confidentiality request than the security room, but is a space managed as a target of confidential management, and includes a security room in this example. The third printer device 3C is installed in a security room or a space not to be managed. Note that the security room and the management target printer device 3 (the printer device 3A and the printer device 3B) are physically or logically separated from a general network in the organization. In other words, only the third printer device 3C can perform printing processing via a general network in the organization.
The administrator terminal 8 is a computer terminal of a confidential administrator who manages confidential information, and is connected to the image processing apparatus 2 via the network 4. The administrator terminal 8 manages the transmission history of the image processing apparatus 2 and the like.

Next, the hardware configuration of the image processing apparatus 2 (output management apparatus) will be described.
FIG. 2 is a diagram illustrating a hardware configuration of the image processing apparatus 2 to which the output management method according to the present invention is applied, centering on the control apparatus 20.
As illustrated in FIG. 2, the image processing apparatus 2 includes a control device 20 including a CPU 202 and a memory 204, a communication device 22, a recording device 24 such as an HDD / CD device, an LCD display device or a CRT display device, and a keyboard. A user interface device (UI device) 26 including a touch panel and the like is included. The UI device 26 includes a card reading device that reads data recorded on an IC card or an ID card, and a detection device that reads a fingerprint pattern, a fundus capillary pattern, or the like that is a physical feature.
The image processing device 2 is, for example, a general-purpose computer in which an output management program 5 (described later) is installed, and acquires image data via the communication device 22 or the recording device 24. Further, the image processing device 2 causes the printer device 3 to print document data via the communication device 22 in response to a user request.

[Output management program]
FIG. 3 is a diagram illustrating a functional configuration of the output management program 5 which is executed by the control device 20 (FIG. 2) and implements the output management method according to the present invention.
As illustrated in FIG. 3, the output management program 5 includes a character identification unit 510, a keyword database (keyword DB) 520 as a first database, a level determination unit 530, and a user authentication database (user authentication) as a second database. DB) 540, a user determination unit 550, an output restriction unit 560, a user interface unit (UI unit) 570, a management information addition unit 580, and an information management unit 590.
The output management program 5 of this example is a part of the printer driver installed in the image processing apparatus 2, but is not limited to this. For example, all or part of the output management program 5 is The printer device 3 may be realized by hardware such as ASIC.

  The character identification unit 510 acquires document data via the communication device 22 (FIG. 2) or the recording device 24 (FIG. 2), and identifies a character string included in the acquired document data. For example, the character identification unit 510 performs OCR processing on the input document data (raster data) to identify a character string included in the document data. Further, the character identification unit 510 may acquire a character code included in the document data from a decomposer that interprets the PDL file and identify the character string included in the document.

The keyword DB 520 stores a predetermined character string included in the document data in association with output destination specifying information that specifies an output location (printer apparatus) where the output of the document data is permitted or prohibited. More specifically, the keyword DB 520 stores the character string selected by the user (character string included in the document) and the confidential level set by the user (the confidential level of this document) in association with each other, Further, the confidential level and the identification information (IP address, MAC address, etc.) of the printer device that is allowed to print the document data are stored in association with each other.
In this example, “high”, “medium”, and “low” are defined as the confidentiality levels. The security level “high” is a level that can be handled only in the security room, and the security level “medium” is a level that is allowed to be handled in the management target in addition to the security room. “Low” is a level that can be handled in all areas, although it is managed as confidential information.

The level determination unit 530 compares the character string identified by the character identification unit 510 (the character string included in the document for which a print request has been made) with the keyword (character string) stored in the keyword DB 520 and prints the character string. Determine the security level of the requested document data. For example, the level determination unit 530 has a plurality of character strings corresponding to the keywords stored in the keyword DB 520 in the document data, and the security levels corresponding to these keywords are different from each other (for example, corresponding to the security level “high”). The higher confidentiality level is adopted as the confidentiality level of this document data (if the character string corresponding to the confidentiality level “medium” is included in the same document). Level “High” is adopted).
Further, when the keyword stored in the keyword DB 520 cannot be found from the document data, the level determination unit 530 determines that the document data is not subject to security management.

  The user authentication DB 540 stores user authentication information for authenticating a user who has output authority for the keyword stored in the keyword DB 520. When there are a plurality of users having the output authority for the keyword stored in the keyword DB 520, the user authentication DB 540 stores a plurality of user authentication information corresponding to each user having the output authority. In this example, “login data”, “password data”, “output cancellation keyword”, and the like are defined as user authentication information.

  Here, the user having the output authority is a user who is permitted to output document data including confidential information (keywords stored in the keyword DB 520). In this example, output of document data including confidential information is restricted (printing prohibited), but output of document data including confidential information is permitted for a user having this output authority. That is, a user having output authority is given output authority (user authentication information) for confidential information (keywords stored in the keyword DB 520) by a security administrator or the like.

  The user determination unit 550 determines whether or not the user who has requested the output has an output authority for confidential information (keywords stored in the keyword DB 520). That is, it is determined whether the authentication information input by the user who has requested the output matches the user information stored in the user authentication DB 540.

The output restriction unit 560 restricts the output destination of the document data requested to be printed according to the security level determined by the level determination unit 530. More specifically, the output restriction unit 560 identifies a printer device corresponding to the security level determined by the level determination unit 530 with reference to a table in which the security level and the printable printer device are associated with each other. To do.
Further, the output restriction unit 560 restricts the output of the document data requested to be printed according to the determination result of the user determination unit 550. More specifically, the output by the printer corresponding to the security level determined by the level determination unit 530 is limited according to whether or not the user who requested the output is a user who has the authority to output the keyword.

  The UI unit 570 controls the UI device 26 (FIG. 2) and receives user input. For example, the UI device 570 receives user authentication information (for example, “login data” and “password data”) input by the user. The UI unit 570 controls the UI device 26 to display warning information and the like. For example, the UI unit 570 displays that the printer device (printer device that is allowed to print) specified by the output restriction unit 560 can be selected as an output destination, and prompts the user to select a printer device.

  The management information addition unit 580 generates management information used for management of confidential information according to the confidential level determined by the level determination unit 530, and adds the generated management information to the document data for which a print request has been made. And print it. The management information adding unit 580 of this example generates a watermark image indicating that the information is confidential information when the determined confidentiality level is “high”, “medium”, or “low”. The watermark image and the document data requested to be printed are combined and transmitted to the printer apparatus 3.

  The information management unit 590 transmits management information to an administrator terminal when a document including confidential information is requested to be transmitted. For example, the information management unit 590 receives a request for transmission of document data corresponding to the confidential level “high”, “medium”, or “low” (that is, when such document data is read). The confidential level of the document data, user authentication information of the user who made the output request, and the like are transmitted as management information to the administrator terminal 8 by e-mail or the like. The management information includes a confidential level and user authentication information of the user who made the output request, a keyword included in the document data (a keyword associated with the confidential level), a date and time when the output request was made, and the like. It may be.

FIG. 4 is a diagram illustrating an output management table stored in the keyword DB 520. FIG. 4A illustrates a first output management table that associates a keyword with a confidential level, and FIG. The second output management table for associating the confidential level with the output permission area will be exemplified.
As illustrated in FIG. 4A, the keyword DB 520 stores a first output management table in which a character string (keyword) input by the user is associated with a security level set by the user. The keyword is preferably a character string (“customer list”, “financial”, “HR”, etc.) highly relevant to confidential information. For example, even if a part of the document data including the confidential information is modified by registering a keyword that is inevitably used in the confidential information in the first output management table, the output management program 5 can execute this document data. Can be detected automatically. Further, by making the keyword registered in the first output management table private, a psychological effect for preventing leakage of confidential information can be expected.
In this example, one security level is associated with one character string. However, the present invention is not limited to this. For example, a combination of a plurality of character strings (AND condition or OR condition) ) May be associated with one security level.

As illustrated in FIG. 4B, the keyword DB 520 stores a second output management table that associates the confidential level set by the user with the output possible area of the document data.
The security levels in this example are “high”, “medium”, and “low”, and each security level is associated with a printer that can print. The security level “high” is associated with the printer device 3A installed in the security room, and the security level “medium” is associated with the printer device 3A and printer device 3B installed in the management target. The level “low” is associated with all the printer apparatuses 3 installed in the organization.
As a result, the output management program 5 can limit the output range of the document data according to the confidential level.

FIG. 5 is a diagram illustrating an output management table stored in the user authentication DB 540. A third output in which a user who has an output authority for a keyword is associated with user authentication information of a user who has an output authority for the keyword. The management table is illustrated.
As illustrated in FIG. 5, the user authentication DB 540 stores a user having output authority, login data and password data, and an output cancellation keyword in association with each other.
For example, login data a1 and password word data a2 are associated with the user a having the output authority, and the output cancellation keyword “patent” is associated with it.
It should be noted that login data and password data corresponding to the login data are given in advance to a user having each output authority by a secret administrator or the like. Further, an output cancel keyword is assigned to a user who has the authority to output a keyword from keywords stored in the keyword DB 520 in advance by a security administrator or the like.
In this example, the user authentication information is “login data”, “password data”, etc., but is not limited to this, and is not limited to this, and is an ID card, IC card, memory card given to a user with output authority. It is also possible to store data such as a physical feature data such as a fingerprint pattern or a fundus capillary pattern of a user who has an output authority.

[Operation]
FIG. 6 is a flowchart for explaining the operation of the output management process (S10) in the output management system 1.

In step 100 (S100), a user who makes a print request for document data designates document data to be printed and performs a print request operation on the image processing apparatus 2.
The image processing apparatus 2 rasterizes the designated document data.
A character identification unit 510 of the output management program 5 (FIG. 3) performs character recognition processing using pattern matching or the like on rasterized document data, and identifies a character string included in the document.

In step 105 (S105), the level determination unit 530 compares the character string identified by the character identification unit 510 with the keyword stored in the keyword DB 520, and in the document data requested to be printed, It is determined whether or not a registered keyword (a character string associated with a confidential level) exists.
The output management program 5 proceeds to the process of S110 when the registered keyword exists in the document data requested to be printed, and proceeds to the process of S165 when the registered keyword does not exist.

In step 110 (S110), the level determination unit 530 further refers to the first output management table (FIG. 4) stored in the keyword DB 520 to determine the confidential level of the document data for which a print request has been made.
The output management program 5 proceeds to the processing of S115 when it is determined that the security level is “high”, and shifts to the processing of S130 when it is determined that the security level is “medium”. If it is determined to be “low”, the process proceeds to S135.

  In step 115 (S115), the output restriction unit 560 instructs the UI unit 570 to display warning information and an input screen. The UI unit 570 displays on the UI device 26 that confidential information is included in the document data and that a login and password are required for printing. Further, the UI unit 570 displays a login / password input operation screen on the UI device 26.

In step 120 (S120), the user inputs a login and a password using the UI device 26.
The user determination unit 550 refers to the user authentication data DB 540 to determine whether or not the user who has requested the output is a user who has output authority for the keyword. That is, the user determination unit 550 refers to the third output management table (FIG. 5) stored in the user authentication DB 540 and determines whether or not the authentication information (login and password) input by the user matches. To do.
Furthermore, the user determination unit 550 determines whether or not the user who has requested the output has an output cancellation keyword. That is, it is determined whether or not the keyword identified in step 100 (S100) matches the output cancellation keyword assigned to the user.

  The output management program 5 determines that the authentication information input by the user matches the user authentication information (login and password) stored in the user authentication DB 540, and determines the keyword and user identified in step 100 (S100). When it is determined that the assigned output cancellation keywords match, the process proceeds to S125. If it is determined that the authentication information input by the user and the user authentication information stored in the user authentication DB 540 do not match, or the keyword identified in step 100 (S100) and the output release assigned to the user If it is determined that the keywords do not match, the process proceeds to S160.

In step 125 (S125), the output restriction unit 560 refers to the second output management table (FIG. 4) stored in the keyword DB 520 and corresponds to the confidential level “high” determined by the level determination unit 530. An output permission area (printer device identification information) is specified. In this example, since “only in the security room” is associated with the confidential level “high”, the output restriction unit 560 identifies the printer device 3A (FIG. 1) installed in the security room, Only the specified printer device 3A can be selected.
The UI unit 570 displays on the UI device 26 that only the printer device 3A can be selected as an output destination in accordance with the selection enabling operation of the output restriction unit 560.

In step 130 (S130), the output restriction unit 560 refers to the second output management table (FIG. 4) and specifies an output permission area (printer device identification information) corresponding to the security level “medium”. In this example, since “only within the management target” is associated with the confidential level “medium”, the output restriction unit 560 includes the printer device 3A and the printer device 3B installed in the management target (FIG. 1). And the selected printer device 3A and printer device 3B can be selected.
The UI unit 570 displays on the UI device 26 that the printer device 3A and the printer device 3B can be selected as output destinations in accordance with the selection enabling operation of the output restriction unit 560.

In step 135 (S135), the output restriction unit 560 refers to the second output management table (FIG. 4), and specifies an output permission area (printer device identification information) corresponding to the security level “low”. In this example, since “all areas” are associated with the security level “low”, the output restriction unit 560 identifies all the printer apparatuses 3 (FIG. 1), and identifies all the identified printer apparatuses. 3 (printer apparatuses 3A to 3C) can be selected.
The UI unit 570 displays on the UI device 26 that the printer devices 3A to 3C can be selected as output destinations in accordance with the selection enabling operation of the output restriction unit 560.

  In step 140 (S140), the management information adding unit 580 synthesizes a watermark image indicating confidential information with the document data input from the character identifying unit 510.

In step 145 (S145), the user uses the UI device 26 to select the printer device 3 as an output destination.
The output restriction unit 560 identifies the printer device 3 selected by the user via the UI unit 570, and determines whether the identified printer device is a selectable printer device.
When the specified printer device (printer device selected by the user) is a selectable printer device (printer device corresponding to the security level), the output management program 5 proceeds to the process of S155 and specifies the specified printer. When the apparatus is not a selectable printer apparatus, the process proceeds to S150.

In step 150 (S150), the output restriction unit 560 prohibits transmission of document data to the management information adding unit 580, and instructs the UI unit 570 to display warning information.
The UI unit 570 displays on the UI device 26 that confidential information is included in the document data and printing cannot be performed by the designated printer device.

In step 155 (S155), the output restriction unit 560 permits the management information adding unit 580 to transmit document data, and notifies the management information adding unit 580 of the identification information of the selected printer device 3.
The management information adding unit 580 transmits the document data with the watermark image added thereto to the selected printer device in accordance with the identification information notified from the output limiting unit 560.
Based on the document data received from the image processing apparatus 2 (output management program 5), the printer apparatus 3 prints the document image to which the watermark image is added on the printing paper.

In step 160 (S160), the output restriction unit 560 instructs the information management unit 590 to transmit management information.
The information management unit 590 transmits the document data output prohibition or permission, the confidential level, the user authentication information of the user who made the output request, and the like as management information to the administrator terminal 8 by e-mail.

In step 165 (S165), the level determination unit 530 determines that the document data requested to be printed is not subject to security management.
The output restriction unit 560 enables all the printer devices 3 to be selected according to the determination of the level determination unit 530 and notifies the management information adding unit 580 of the identification information of the printer device 3 selected by the user.

In step 170 (S170), the management information adding unit 580 selects the printer device 3 selected by the user without adding a watermark image to the document data in accordance with the determination of the level determination unit 530 (not subject to security management). Send document data to.
Based on the document data received from the image processing device 2 (output management program 5), the printer device 3 prints a document image without a watermark image on a print sheet.

As described above, the output management system 1 according to the present embodiment restricts the output of document data including confidential information by authenticating whether the user who requested the output is a user who has the authority to output the keyword. , Leakage of confidential information can be prevented. In addition, the output management system 1 according to the present embodiment manages the character string included in the document in association with the printer device that can output, thereby restricting the output destination of the document data including confidential information, and thereby managing the confidential information. Information leakage can be prevented. Note that any user can freely output a document that does not include a keyword to any printer apparatus 3.
In this example, since a character string highly relevant to confidential information is registered as a keyword, when document data is altered (for example, when only a part of a document is selected and a print instruction is given, Also, it is preferable to prevent leakage of confidential information even when a confidential part digest is created).
Further, in this example, by authenticating a user who has the authority to output confidential information (keywords), output of document data including confidential information is restricted even in a security room, and leakage of confidential information is further prevented. be able to. Further, by authenticating the user who outputs the document data including the confidential information, the leakage can be traced when the confidential information is leaked.

[First Modification]
In the above embodiment, the form of identifying a character string included in document data by OCR processing has been described as a specific example. However, the present invention is not limited to this. For example, a character from a decomposer that interprets a PDL file or the like is used. A character string may be identified by acquiring a code.
In the above-described embodiment, the character string included in the document is used as the feature information related to the document data. However, the present invention is not limited to this. For example, the feature information includes image elements (default marks, ruled lines, etc.). Form), accompanying information (flag indicating confidential level, tag (identification information of application software used for document creation, identification information of document creator, etc.), information embedded in non-output layer), or image attribute (character density) Or a combination thereof may be used as the feature information.

  FIG. 7 is a flowchart for explaining the operation (S12) of the output management program 5 for identifying a character string based on the character code acquired from the decomposer. Note that, in the processing in this figure, the same reference numerals are given to substantially the same processing as shown in FIG.

In step 180 (S180), the user designates document data such as a PDL file and performs a print request operation on the image processing apparatus 2.
The decomposer of the image processing apparatus 2 interprets the document data (PDL file) specified by the user and generates raster data of the document.
The character identification unit 510 of the output management program 5 (FIG. 3) acquires the character code (shift JIS code, etc.) of the character included in the document from the decomposer, and identifies the character string included in the document. In addition to the character string included in the document, the character identification unit 510 may include a predetermined figure included in the document, a format (ruled line, etc.), a character density, or accompanying information (such as a flag) attached to the document data. Header information, embedded information embedded in another layer) and the like may be extracted as the feature information of the document data.

  In step S105, the level determination unit 530 compares the character string identified by the character identification unit 510 with the keyword stored in the keyword DB 520, and registers the keyword registered in the document data requested to be printed. If the registered keyword exists, the process proceeds to S110. If the registered keyword does not exist, the process proceeds to S165. The level determination unit 530 compares the graphic, format, character density, or additional information extracted by the document identification unit 510 with the graphic, format, character density, or additional information stored in the keyword DB 520. It may be determined whether the process proceeds to S110 or S165.

In S110, the level determination unit 530 further refers to the first output management table stored in the keyword DB 520 to determine the confidential level of the document data for which a print request has been made. In this case, the keyword DB 520 may store a first output management table in which graphics, format, character density, or additional information (hereinafter referred to as feature information) and a confidential level are associated with each other.
The output management program 5 proceeds to the processing of S115 when it is determined that the security level is “high”, and shifts to the processing of S130 when it is determined that the security level is “medium”. If it is determined to be “low”, the process proceeds to S135.

  In step 115 (S115), the output restriction unit 560 instructs the UI unit 570 to display warning information and an input screen. The UI unit 570 displays on the UI device 26 that confidential information is included in the document data and that a login and password are required for printing. Further, the UI unit 570 displays a login / password input operation screen on the UI device 26.

In step 120 (S120), the user inputs a login and a password using the UI device 26.
The user determination unit 550 refers to the user authentication data DB 540 to determine whether or not the user who has requested the output is a user who has output authority for the keyword. That is, the user determination unit 550 refers to the third output management table (FIG. 5) stored in the user authentication DB 540 and determines whether or not the authentication information (login and password) input by the user matches. To do.
Furthermore, the user determination unit 550 determines whether or not the user who has requested the output has an output cancellation keyword. That is, it is determined whether or not the keyword identified in step 100 (S100) matches the output cancellation keyword assigned to the user.

  The output management program 5 determines that the authentication information input by the user matches the user authentication information (login and password) stored in the user authentication DB 540, and determines the keyword and user identified in step 100 (S100). When it is determined that the assigned output cancellation keywords match, the process proceeds to S125. If it is determined that the authentication information input by the user and the user authentication information stored in the user authentication DB 540 do not match, or the keyword identified in step 100 (S100) and the output release assigned to the user If it is determined that the keywords do not match, the process proceeds to S160.

In S125, the output restriction unit 560 refers to the second output management table (FIG. 4) stored in the keyword DB 520, and identifies the printer device corresponding to the security level “high” determined by the level determination unit 530. To do. The output restriction unit 560 identifies the installation location of each printer device using GPS or the like, and outputs associated with the identified installation location and the security level on the second output management table (FIG. 4). A printer device that can be selected as an output destination may be determined by comparing with a permission area (position information such as a security room).
The UI unit 570 displays on the UI device 26 that only the specified printer device 3 can be selected as an output destination.

In S130, the output restriction unit 560 refers to the second output management table (FIG. 4) and identifies the printer device corresponding to the security level “medium”.
The UI unit 570 displays on the UI device 26 that only the specified printer device 3 can be selected as an output destination.

In step S135, the output restriction unit 560 refers to the second output management table (FIG. 4) and identifies the printer device corresponding to the security level “low”.
The UI unit 570 displays on the UI device 26 that only the specified printer device 3 can be selected as an output destination.

  In S140, the management information adding unit 580 synthesizes a watermark image indicating confidential information with the document data input from the character identifying unit 510. Note that the management information adding unit 580 may add a character string indicating confidential information to the margin portion of the document instead of the watermark image. The watermark image may be registered in the first output management table of the keyword DB 520. Thereby, it is possible to prevent copying of a document including confidential information.

In S145, the user uses the UI device 26 to select the printer device 3 as an output destination.
The output restriction unit 540 identifies the printer device 3 selected by the user via the UI unit 570 and determines whether the identified printer device is a selectable printer device.
The output management program 5 proceeds to the process of S155 when the identified printer apparatus is a selectable printer apparatus, and proceeds to the process of S150 when the identified printer apparatus is not a selectable printer apparatus. .

In step S150, the output restriction unit 560 prohibits transmission of document data to the management information adding unit 580, and instructs the UI unit 570 to display warning information.
The UI unit 570 displays on the UI device 26 that confidential information is included in the document data and printing cannot be performed by the designated printer device.

In step S155, the output restriction unit 560 permits the management information addition unit 580 to transmit document data, and notifies the management information addition unit 580 of the identification information of the selected printer device 3.
The management information adding unit 580 transmits the document data to which the watermark image or the like is added in accordance with the identification information notified from the output restriction unit 560 to the selected printer device.
Based on the document data received from the image processing device 2 (output management program 5), the printer device 3 prints a document image to which a watermark image or the like is added on a print sheet.

In step 160 (S160), the output restriction unit 560 instructs the information management unit 590 to transmit management information.
The information management unit 590 transmits the document data output prohibition or permission, the confidential level, the user authentication information of the user who made the output request, and the like as management information to the administrator terminal 8 by e-mail.

In step 165 (S165), the level determination unit 530 determines that the document data requested to be printed is not subject to security management.
The management information adding unit 580 makes it possible to select all the printer devices 3 according to the determination of the level determining unit 530, notifies the management information adding unit 560 of the identification information of the printer device 3 selected by the user, and the document data The document data is transmitted to the printer device 3 selected by the user without adding a watermark image or the like to the printer device 3.

  In step 170 (S170), the printer device 3 prints a document image to which a watermark image or the like is not added on a print sheet based on the document data received from the image processing device 2 (output management program 5).

[Second Modification]
In the above-described embodiment, a mode of determining (authenticating) a user who has an output authority for a keyword based on a login and a password has been described as a specific example. However, the present invention is not limited to this. Determine (authenticate) the user having the output authority based on the data stored in the given ID card, IC card, memory card, or the physical feature data such as the fingerprint pattern of the user having the output authority, the fundus capillary pattern, etc. Also good.
In the above-described embodiment, the case where the user having the output authority for the keyword is determined (authenticated) has been described as a specific example in the case of outputting the document data of the confidential level “high”. Instead, for example, when outputting document data including confidential information of each confidential level (“high”, “medium”, and “low”), a user who has output authority for each confidential level keyword is determined (authentication). You may do it.

  FIG. 8 is a diagram illustrating an output management table stored in the user authentication DB 540. FIG. 8 associates a user having output authority, user authentication information of a user having output authority, and an output cancellation keyword. 4 illustrates a fourth output management table.

As illustrated in FIG. 8, the user authentication DB 540 includes a user having output authority and user authentication information given to the user having output authority (in this example, ID card data, IC card data, memory card data, fingerprints). Pattern data, fundus capillary pattern data, and output cancellation keywords) are stored in association with each other.
For example, ID card data a 3, IC card data a 4, memory card data a 5, fingerprint pattern data a 6, fundus capillary pattern data a 7, and output cancellation keyword “patent” are associated with the user a having the output authority. .

  In this example, an ID card, an IC card, and a memory card in which user authentication information is stored are assigned in advance by a secret administrator or the like to a user who has output authority. Further, the fingerprint pattern and fundus capillary pattern of the user having the output authority are converted into electronic data (fingerprint pattern data and fundus capillary pattern data) in advance by a security administrator or the like and recorded in the user authentication DB 540 or the like. The output cancellation keyword is assigned to a user having an output authority from keywords stored in the keyword DB 520 in advance by a security administrator or the like.

  FIG. 9 determines a user who has an output authority for each confidential level keyword when outputting document data including confidential information (keyword) of each confidential level (“high”, “medium”, and “low”). It is a flowchart explaining operation | movement (S14) of the output management program 5. FIG. Note that, in the processing in this figure, the same reference numerals are given to substantially the same processing as shown in FIG.

In step 100 (S100), a user who makes a print request for document data designates document data to be printed and performs a print request operation on the image processing apparatus 2.
The image processing apparatus 2 rasterizes the designated document data.
A character identification unit 510 of the output management program 5 (FIG. 3) performs character recognition processing using pattern matching or the like on rasterized document data, and identifies a character string included in the document.

In step 105 (S105), the level determination unit 530 compares the character string identified by the character identification unit 510 with the keyword stored in the keyword DB 520, and in the document data requested to be printed, It is determined whether or not a registered keyword exists.
The output management program 5 proceeds to the process of S110 when the registered keyword exists in the document data requested to be printed, and proceeds to the process of S165 when the registered keyword does not exist.

In step 110 (S110), the level determination unit 530 further refers to the first output management table (FIG. 4) stored in the keyword DB 520 to determine the confidential level of the document data for which a print request has been made.
The output management program 5 proceeds to the process of S115 when it is determined that the security level is “high”, and shifts to the process of S190 when it is determined that the security level is “medium”. If it is determined to be “low”, the process proceeds to S205.

  In step 115 (S115), the output restriction unit 560 instructs the UI unit 570 to display warning information and an input screen. The UI unit 570 indicates that confidential information is included in the document data, and that any one of an ID card, an IC card, a memory card, a fingerprint pattern, and a fundus capillary pattern is required for printing. To display.

In step 120 (S120), the user uses the UI device 26 to input an ID card, IC card, memory card, or a fingerprint pattern or a fundus capillary pattern.
The user determination unit 550 refers to the user authentication data DB 540 to determine whether or not the user who requested the output is a user who has an output authority. That is, the user determination unit 550 refers to the fourth output management table (FIG. 8) stored in the user authentication DB 540 and performs authentication information (ID card, IC card, memory card, fingerprint pattern, It is determined whether or not the information matches any information of the fundus capillary pattern.
Furthermore, the user determination unit 550 determines whether or not the user who has requested the output has an output cancellation keyword assigned to the security level “high”. That is, it is determined whether or not the keyword identified in step 100 (S100) matches the output cancellation keyword assigned to the user.

  The output management program 5 matches the authentication information input by the user with the user authentication information stored in the user authentication DB 540 (information on an ID card, IC card, memory card, fingerprint pattern, or fundus capillary pattern). If it is determined that the keyword identified in step 100 (S100) matches the output cancel keyword assigned to the user, the process proceeds to S125. If it is determined that the authentication information input by the user and the user authentication information stored in the user authentication DB 540 do not match, or the keyword identified in step 100 (S100) and the output release assigned to the user If it is determined that the keywords do not match, the process proceeds to S160.

In step 125 (S125), the output restriction unit 560 refers to the second output management table (FIG. 4) stored in the keyword DB 520 and corresponds to the confidential level “high” determined by the level determination unit 530. An output permission area (printer device identification information) is specified. In this example, since “only in the security room” is associated with the confidential level “high”, the output restriction unit 560 identifies the printer device 3A (FIG. 1) installed in the security room, Only the specified printer device 3A can be selected.
The UI unit 570 displays on the UI device 26 that only the printer device 3A can be selected as an output destination in accordance with the selection enabling operation of the output restriction unit 560.

  In step 190 (S190), the output restriction unit 560 instructs the UI unit 570 to display warning information and an input screen. The UI unit 570 indicates that confidential information is included in the document data, and that any one of an ID card, an IC card, a memory card, a fingerprint pattern, and a fundus capillary pattern is required for printing. To display.

In step 195 (S195), the user inputs an ID card, IC card, memory card, fingerprint pattern, or fundus capillary pattern using the UI device 26.
The user determination unit 550 refers to the user authentication data DB 540 to determine whether or not the user who requested the output is a user who has an output authority. That is, the user determination unit 550 refers to the fourth output management table (FIG. 8) stored in the user authentication DB 540 and performs authentication information (ID card, IC card, memory card, fingerprint pattern, It is determined whether or not the information matches any information of the fundus capillary pattern.
Further, the user determination unit 550 determines whether or not the user who has requested the output has an output cancellation keyword corresponding to the keyword assigned to the security level “medium”. That is, it is determined whether or not the keyword identified in step 100 (S100) matches the output cancellation keyword assigned to the user.

  The output management program 5 matches the authentication information input by the user with the user authentication information stored in the user authentication DB 540 (information on an ID card, IC card, memory card, fingerprint pattern, or fundus capillary pattern). If it is determined that the keyword identified in step 100 (S100) matches the output cancellation keyword assigned to the user, the process proceeds to S130. If it is determined that the authentication information input by the user and the user authentication information stored in the user authentication DB 540 do not match, or the keyword identified in step 100 (S100) and the output release assigned to the user If it is determined that the keywords do not match, the process proceeds to S160.

In S130, the output restriction unit 560 refers to the second output management table (FIG. 4) and identifies the printer device corresponding to the security level “medium”.
The UI unit 570 displays on the UI device 26 that only the specified printer device 3 can be selected as an output destination.

  In step 205 (S205), the output restriction unit 560 instructs the UI unit 570 to display warning information and an input screen. The UI unit 570 indicates that confidential information is included in the document data, and that any one of an ID card, an IC card, a memory card, a fingerprint pattern, and a fundus capillary pattern is required for printing. To display.

In step 210 (S210), the user inputs one of an ID card, an IC card, a memory card, a fingerprint pattern, and a fundus capillary pattern using the UI device 26.
The user determination unit 550 refers to the user authentication data DB 540 to determine whether or not the user who requested the output is a user who has an output authority. That is, the user determination unit 550 refers to the fourth output management table (FIG. 8) stored in the user authentication DB 540 and performs authentication information (ID card, IC card, memory card, fingerprint pattern, It is determined whether or not the information matches any information of the fundus capillary pattern.
Further, the user determination unit 550 determines whether or not the user who has requested the output has an output cancellation keyword corresponding to the keyword assigned to the security level “low”. That is, it is determined whether or not the keyword identified in step 100 (S100) matches the output cancellation keyword assigned to the user.

  The output management program 5 matches the authentication information input by the user with the user authentication information stored in the user authentication DB 540 (information on an ID card, IC card, memory card, fingerprint pattern, or fundus capillary pattern). If it is determined that the keyword identified in step 100 (S100) matches the output cancel keyword assigned to the user, the process proceeds to S135. If it is determined that the authentication information input by the user and the user authentication information stored in the user authentication DB 540 do not match, or the keyword identified in step 100 (S100) and the output release assigned to the user If it is determined that the keywords do not match, the process proceeds to S160.

In step S135, the output restriction unit 560 refers to the second output management table (FIG. 4) and identifies the printer device corresponding to the security level “low”.
The UI unit 570 displays on the UI device 26 that only the specified printer device 3 can be selected as an output destination.

  In step 140 (S140), the management information adding unit 560 synthesizes a watermark image indicating confidential information with the document data input from the character identifying unit 510.

In step 145 (S145), the user uses the UI device 26 to select the printer device 3 as an output destination.
The output restriction unit 560 identifies the printer device 3 selected by the user via the UI unit 570, and determines whether the identified printer device is a selectable printer device.
When the specified printer device (printer device selected by the user) is a selectable printer device (printer device corresponding to the security level), the output management program 5 proceeds to the process of S155 and specifies the specified printer. When the apparatus is not a selectable printer apparatus, the process proceeds to S150.

In step 150 (S150), the output restriction unit 560 prohibits transmission of document data to the management information adding unit 580, and instructs the UI unit 570 to display warning information.
The UI unit 570 displays on the UI device 26 that confidential information is included in the document data and printing cannot be performed by the designated printer device.

In step 155 (S155), the output restriction unit 560 permits the management information adding unit 580 to transmit document data, and notifies the management information adding unit 580 of the identification information of the selected printer device 3.
The management information adding unit 580 transmits the document data with the watermark image added thereto to the selected printer device in accordance with the identification information notified from the output restriction unit 560.
Based on the document data received from the image processing apparatus 2 (output management program 5), the printer apparatus 3 prints the document image to which the watermark image is added on the printing paper.

In step 160 (S160), the output restriction unit 560 instructs the information management unit 590 to transmit management information.
The information management unit 590 transmits, as management information, the administrator terminal 8 by e-mail the prohibition or permission of output of document data, the confidentiality level, and the match or mismatch of the user authentication information requested for output.

In step 165 (S165), the level determination unit 530 determines that the document data requested to be printed is not subject to security management.
The output restriction unit 560 enables all the printer devices 3 to be selected according to the determination of the level determination unit 530 and notifies the management information adding unit 580 of the identification information of the printer device 3 selected by the user.

In step 170 (S170), the management information adding unit 580 selects the printer device 3 selected by the user without adding a watermark image to the document data in accordance with the determination of the level determination unit 530 (not subject to security management). Send document data to.
Based on the document data received from the image processing device 2 (output management program 5), the printer device 3 prints a document image without a watermark image on a print sheet.

It is a figure which shows an example of the structure of the 1st output management system 1 with which the output management method concerning this invention is applied. It is a figure which illustrates the hardware constitutions of the image processing apparatus 2 to which the output management method concerning this invention is applied centering on the control apparatus 20. FIG. It is a figure which illustrates the functional structure of the output management program 5 which is performed by the control apparatus 20 (FIG. 2) and implement | achieves the output management method concerning this invention. It is a figure which illustrates the output management table memorize | stored in keyword DB520, (A) illustrates the 1st output management table which matches a keyword and a confidential level, (B) is a confidential level, an output permission area | region, and Exemplifies a second output management table for associating. It is a figure which illustrates the 3rd output management table which matches the user who has the output authority with respect to a keyword, and user authentication information (a login, a password, an output cancellation keyword). It is a flowchart explaining operation | movement of the output management process (S10) in the output management system 1. FIG. It is a flowchart explaining operation | movement (S12) of the output management program 5 which identifies a character string based on the character code acquired from the 1st decomposer. It is a figure which illustrates the 4th output management table which matches the user who has the output authority with respect to a keyword, and user authentication information (an ID card, an IC card, a memory card, a fingerprint pattern, a fundus capillary pattern, an output cancellation keyword). It is a flowchart explaining the operation | movement (S14) of the program 5 which determines the user who has the output authority with respect to each confidential level keyword, when outputting the document data containing the confidential information (keyword) of each confidential level.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 ... Output management system 2 ... Image processing apparatus 3 ... Printer apparatus 5 ... Output management program 8 ... Manager terminal 510 ... Character identification part 520 ... Keyword database 530 ... Level judgment unit 540: User authentication database 550 ... User judgment unit 560 ... Output restriction unit 570 ... User interface unit 580 ... Management information addition unit 590 ... Information management unit

Claims (15)

An output management device for managing the output of document data,
Feature information determination means for determining whether or not predetermined feature information is included in the document data requested to be output;
User determination means for determining whether or not the user who made the output request has an output authority for the feature information;
Output control means for controlling the output of the document data requested to be output in accordance with the determination results of the feature information determination means and the user determination means;
An output management device.   2. The image output apparatus according to claim 1, further comprising a feature information storage unit that stores feature information relating to the document data in association with output destination specifying information that specifies an output location where the output of the document data is permitted or prohibited.   2. The image forming apparatus according to claim 1, further comprising user authentication information storage means for storing user authentication information for authenticating a user having an output authority permitted to output document data.   2. The output management according to claim 1, wherein the output control unit outputs the document data when the user determination unit determines that the user who requested the output is a user having an output authority having the user authentication information. apparatus.   The output management apparatus according to claim 2, wherein the user determination unit determines whether the authentication information input by the user who has requested the output matches the user authentication information stored in the user authentication information storage unit. The output of the document data is image formation on a recording medium,
The feature information is an image element formed on a recording medium based on document data,
The output management apparatus according to claim 2, wherein the feature information determination unit determines whether the image data stored in the feature information storage unit is included in the document data requested to be output. The image element is a character string,
Further comprising character identification means for identifying a character string included in the document based on the document data requested to be output;
The output management apparatus according to claim 6, wherein the feature information determination unit determines whether the character string identified by the character identification unit matches any of the character strings stored by the feature information storage unit. . The feature information storage means stores the feature information in association with any of a plurality of security levels, stores each of these security levels in association with the output destination definition information,
The output management apparatus according to claim 2, wherein the output restriction unit restricts output of the document data requested to be output in accordance with a confidential level corresponding to the feature information of the document data requested to be output. The output management apparatus according to claim 1, further comprising management information generating means for generating management information according to the feature information of the document data requested to be output, and adding the generated management information to the document data for output. .   4. The output management apparatus according to claim 3, wherein the user authentication information includes at least one of login data assigned to a user having output authority and password data assigned to a user having output authority.   The user authentication information is stored in at least one of an ID card given to a user having output authority, an IC card given to a user having output authority, and a memory card given to a user having output authority. The output management apparatus according to claim 3, comprising: data.   The output management apparatus according to claim 3, wherein the user authentication information includes physical feature data of a user having an output authority.   13. The output management apparatus according to claim 12, wherein the user authentication information includes at least one of fingerprint pattern data of a user having output authority or fundus capillary pattern data of a user having output authority. An output management device for managing the output of document data,
The feature determination means determines whether or not a predetermined feature is included in the document data requested to be output,
By the user determination means, it is determined whether the user who requested the output has the output authority for the feature information,
An output management method for controlling output of document data requested to be output in accordance with a determination result of a user determination unit. In an output management device that manages the output of document data,
Determining whether or not a predetermined feature is included in the document data requested to be output by the feature determination means;
Determining whether or not the user who has requested the output has an output authority for the feature information by the user determination means;
A step of controlling the output of the document data requested to be output by the output control means according to the determination result of the user determination means;
A program for causing the output management apparatus to execute.

Images